836e482241225a1a725ec9ae5b51ff1284dcb4d141e212029eac2bb171ecdfe9

Analysis

max time kernel
23s
max time network
117s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40b774565b57b2baaa0fb9ff4b93d200N.exe
Size

1.4MB
MD5

40b774565b57b2baaa0fb9ff4b93d200
SHA1

b648b6779807b915dba741ad9f70e48bd3a0e261
SHA256

836e482241225a1a725ec9ae5b51ff1284dcb4d141e212029eac2bb171ecdfe9
SHA512

e51da9fe882af119a0e7c9ecd905897036088ac0822002e4f9ea7211b01885f0ec3dfa9fba522cbe9958d40c0b7f86ecd0015c6221a76efdd3fe497d49b58141
SSDEEP

24576:864g2QIxGiEegTy5zThwsP7GoogSCmeYZ/FnjUWnLSB/OopYh/2H07f9/aYc859H:5bMEegCTh/Koo5j/jLSM12H4fBVj9d

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	40b774565b57b2baaa0fb9ff4b93d200N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\I:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\M:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\N:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\P:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\R:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\S:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\T:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\W:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\X:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\Z:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\H:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\K:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\Y:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\A:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\B:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\G:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\J:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\L:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\O:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\Q:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\U:	40b774565b57b2baaa0fb9ff4b93d200N.exe
File opened (read-only)	\??\V:	40b774565b57b2baaa0fb9ff4b93d200N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\brasilian lingerie full movie legs .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia bukkake several models femdom .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SysWOW64\FxsTmp\african lesbian full movie cock fishy .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SysWOW64\IME\shared\handjob public (Ashley).mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\chinese sperm cum uncut (Sylvia).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse sleeping .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian sperm catfight .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling girls traffic .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\british fucking lesbian [free] .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\System32\DriverStore\Temp\danish lingerie beastiality full movie sweet .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\Download\american fucking beastiality catfight penetration .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian gay porn [bangbus] lady .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files\Windows Journal\Templates\african beast catfight titts blondie .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish gang bang lingerie several models vagina (Sonja,Curtney).zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\british sperm trambling licking (Jade).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish cum lesbian masturbation .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\nude several models (Sylvia,Christine).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob lesbian (Liz,Sylvia).zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\xxx [bangbus] hole .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fucking [milf] mistress .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\spanish fetish [bangbus] sweet .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\kicking horse public .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files\DVD Maker\Shared\beastiality cumshot girls hotel (Gina).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Google\Temp\kicking horse masturbation vagina black hairunshaved .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\malaysia bukkake action full movie (Anniston,Sandy).avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese xxx hidden legs .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\security\templates\brasilian lingerie [milf] titts traffic .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\SoftwareDistribution\Download\porn hidden shower (Janette,Jenna).avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\asian xxx action girls legs young .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\canadian kicking full movie .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish handjob bukkake lesbian titts .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\bukkake blowjob masturbation leather (Anniston).zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\handjob licking girly (Sonja,Sonja).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish lingerie lesbian several models 40+ .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\lingerie fetish lesbian 40+ .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\danish porn uncut .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\porn animal voyeur titts traffic .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\indian kicking blowjob masturbation .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\lesbian nude uncut hairy .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\mssrv.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\assembly\temp\japanese fucking hot (!) .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\french cumshot [bangbus] .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\hardcore [milf] .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\Temp\porn licking beautyfull .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian kicking cumshot big latex .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\italian lesbian animal girls .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\swedish sperm [free] penetration .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\hardcore handjob catfight .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\canadian gang bang masturbation .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\gay sleeping boobs ejaculation .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\trambling [milf] boobs sm .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\lingerie animal full movie ash .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese handjob lingerie lesbian upskirt (Sandy,Kathrin).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\asian cumshot trambling girls mature .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\animal cumshot full movie YEâPSè& .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\Downloaded Program Files\french handjob cum catfight ejaculation .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\fucking several models nipples fishy .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\tyrkish action catfight femdom .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\nude animal uncut 40+ .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\beast lesbian .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\brasilian lesbian big .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian beast animal public granny (Sonja).avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\lingerie [bangbus] sm (Sylvia,Sarah).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\italian hardcore hidden balls .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\xxx [milf] .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\italian sperm fucking big .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black trambling hidden boobs balls .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\russian bukkake sperm voyeur boobs .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\swedish handjob full movie vagina circumcision .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\action licking .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\tyrkish animal [free] hotel .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\brasilian gang bang hardcore licking shower .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\norwegian beast gang bang [bangbus] femdom .rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\chinese gang bang voyeur (Ashley).mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\american fetish public .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\black kicking hidden balls .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\sperm full movie leather (Sandy).rar.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\asian horse porn hidden .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\japanese trambling sleeping redhair .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\indian gang bang masturbation .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\tyrkish hardcore hot (!) ash .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\PLA\Templates\spanish beast hidden YEâPSè& .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\trambling [free] upskirt .mpg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\german porn sleeping fishy .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\french horse public feet young .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian bukkake catfight .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\danish porn blowjob lesbian legs shoes .zip.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\handjob bukkake [milf] swallow .mpeg.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\malaysia beast [milf] YEâPSè& .avi.exe	40b774565b57b2baaa0fb9ff4b93d200N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2980	40b774565b57b2baaa0fb9ff4b93d200N.exe
2892	40b774565b57b2baaa0fb9ff4b93d200N.exe
2980	40b774565b57b2baaa0fb9ff4b93d200N.exe
3036	40b774565b57b2baaa0fb9ff4b93d200N.exe
2016	40b774565b57b2baaa0fb9ff4b93d200N.exe
2892	40b774565b57b2baaa0fb9ff4b93d200N.exe
2980	40b774565b57b2baaa0fb9ff4b93d200N.exe
2012	40b774565b57b2baaa0fb9ff4b93d200N.exe
1456	40b774565b57b2baaa0fb9ff4b93d200N.exe
1492	40b774565b57b2baaa0fb9ff4b93d200N.exe
3036	40b774565b57b2baaa0fb9ff4b93d200N.exe
2876	40b774565b57b2baaa0fb9ff4b93d200N.exe
2016	40b774565b57b2baaa0fb9ff4b93d200N.exe
2892	40b774565b57b2baaa0fb9ff4b93d200N.exe
2980	40b774565b57b2baaa0fb9ff4b93d200N.exe
1400	40b774565b57b2baaa0fb9ff4b93d200N.exe
1612	40b774565b57b2baaa0fb9ff4b93d200N.exe
1300	40b774565b57b2baaa0fb9ff4b93d200N.exe
1784	40b774565b57b2baaa0fb9ff4b93d200N.exe
2012	40b774565b57b2baaa0fb9ff4b93d200N.exe
2008	40b774565b57b2baaa0fb9ff4b93d200N.exe
1688	40b774565b57b2baaa0fb9ff4b93d200N.exe
1456	40b774565b57b2baaa0fb9ff4b93d200N.exe
3036	40b774565b57b2baaa0fb9ff4b93d200N.exe
1492	40b774565b57b2baaa0fb9ff4b93d200N.exe
1752	40b774565b57b2baaa0fb9ff4b93d200N.exe
1432	40b774565b57b2baaa0fb9ff4b93d200N.exe
2980	40b774565b57b2baaa0fb9ff4b93d200N.exe
2876	40b774565b57b2baaa0fb9ff4b93d200N.exe
2016	40b774565b57b2baaa0fb9ff4b93d200N.exe
2892	40b774565b57b2baaa0fb9ff4b93d200N.exe
2592	40b774565b57b2baaa0fb9ff4b93d200N.exe
704	40b774565b57b2baaa0fb9ff4b93d200N.exe
2160	40b774565b57b2baaa0fb9ff4b93d200N.exe
572	40b774565b57b2baaa0fb9ff4b93d200N.exe
992	40b774565b57b2baaa0fb9ff4b93d200N.exe
1400	40b774565b57b2baaa0fb9ff4b93d200N.exe
1612	40b774565b57b2baaa0fb9ff4b93d200N.exe
1300	40b774565b57b2baaa0fb9ff4b93d200N.exe
408	40b774565b57b2baaa0fb9ff4b93d200N.exe
2012	40b774565b57b2baaa0fb9ff4b93d200N.exe
804	40b774565b57b2baaa0fb9ff4b93d200N.exe
2008	40b774565b57b2baaa0fb9ff4b93d200N.exe
3036	40b774565b57b2baaa0fb9ff4b93d200N.exe
1492	40b774565b57b2baaa0fb9ff4b93d200N.exe
1012	40b774565b57b2baaa0fb9ff4b93d200N.exe
1132	40b774565b57b2baaa0fb9ff4b93d200N.exe
1784	40b774565b57b2baaa0fb9ff4b93d200N.exe
952	40b774565b57b2baaa0fb9ff4b93d200N.exe
1752	40b774565b57b2baaa0fb9ff4b93d200N.exe
1752	40b774565b57b2baaa0fb9ff4b93d200N.exe
1456	40b774565b57b2baaa0fb9ff4b93d200N.exe
1456	40b774565b57b2baaa0fb9ff4b93d200N.exe
2980	40b774565b57b2baaa0fb9ff4b93d200N.exe
1068	40b774565b57b2baaa0fb9ff4b93d200N.exe
2980	40b774565b57b2baaa0fb9ff4b93d200N.exe
1068	40b774565b57b2baaa0fb9ff4b93d200N.exe
1372	40b774565b57b2baaa0fb9ff4b93d200N.exe
1372	40b774565b57b2baaa0fb9ff4b93d200N.exe
1312	40b774565b57b2baaa0fb9ff4b93d200N.exe
1780	40b774565b57b2baaa0fb9ff4b93d200N.exe
1780	40b774565b57b2baaa0fb9ff4b93d200N.exe
1312	40b774565b57b2baaa0fb9ff4b93d200N.exe
1432	40b774565b57b2baaa0fb9ff4b93d200N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2892	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	30
PID 2980 wrote to memory of 2892	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	30
PID 2980 wrote to memory of 2892	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	30
PID 2980 wrote to memory of 2892	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	30
PID 2892 wrote to memory of 3036	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	31
PID 2892 wrote to memory of 3036	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	31
PID 2892 wrote to memory of 3036	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	31
PID 2892 wrote to memory of 3036	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	31
PID 2980 wrote to memory of 2016	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	32
PID 2980 wrote to memory of 2016	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	32
PID 2980 wrote to memory of 2016	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	32
PID 2980 wrote to memory of 2016	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	32
PID 3036 wrote to memory of 2012	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	33
PID 3036 wrote to memory of 2012	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	33
PID 3036 wrote to memory of 2012	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	33
PID 3036 wrote to memory of 2012	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	33
PID 2016 wrote to memory of 1456	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	34
PID 2016 wrote to memory of 1456	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	34
PID 2016 wrote to memory of 1456	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	34
PID 2016 wrote to memory of 1456	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	34
PID 2892 wrote to memory of 1492	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	35
PID 2892 wrote to memory of 1492	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	35
PID 2892 wrote to memory of 1492	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	35
PID 2892 wrote to memory of 1492	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	35
PID 2980 wrote to memory of 2876	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	36
PID 2980 wrote to memory of 2876	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	36
PID 2980 wrote to memory of 2876	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	36
PID 2980 wrote to memory of 2876	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	36
PID 2012 wrote to memory of 1400	2012	40b774565b57b2baaa0fb9ff4b93d200N.exe	37
PID 2012 wrote to memory of 1400	2012	40b774565b57b2baaa0fb9ff4b93d200N.exe	37
PID 2012 wrote to memory of 1400	2012	40b774565b57b2baaa0fb9ff4b93d200N.exe	37
PID 2012 wrote to memory of 1400	2012	40b774565b57b2baaa0fb9ff4b93d200N.exe	37
PID 1456 wrote to memory of 1612	1456	40b774565b57b2baaa0fb9ff4b93d200N.exe	38
PID 1456 wrote to memory of 1612	1456	40b774565b57b2baaa0fb9ff4b93d200N.exe	38
PID 1456 wrote to memory of 1612	1456	40b774565b57b2baaa0fb9ff4b93d200N.exe	38
PID 1456 wrote to memory of 1612	1456	40b774565b57b2baaa0fb9ff4b93d200N.exe	38
PID 3036 wrote to memory of 1300	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	39
PID 3036 wrote to memory of 1300	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	39
PID 3036 wrote to memory of 1300	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	39
PID 3036 wrote to memory of 1300	3036	40b774565b57b2baaa0fb9ff4b93d200N.exe	39
PID 1492 wrote to memory of 1784	1492	40b774565b57b2baaa0fb9ff4b93d200N.exe	40
PID 1492 wrote to memory of 1784	1492	40b774565b57b2baaa0fb9ff4b93d200N.exe	40
PID 1492 wrote to memory of 1784	1492	40b774565b57b2baaa0fb9ff4b93d200N.exe	40
PID 1492 wrote to memory of 1784	1492	40b774565b57b2baaa0fb9ff4b93d200N.exe	40
PID 2876 wrote to memory of 2008	2876	40b774565b57b2baaa0fb9ff4b93d200N.exe	41
PID 2876 wrote to memory of 2008	2876	40b774565b57b2baaa0fb9ff4b93d200N.exe	41
PID 2876 wrote to memory of 2008	2876	40b774565b57b2baaa0fb9ff4b93d200N.exe	41
PID 2876 wrote to memory of 2008	2876	40b774565b57b2baaa0fb9ff4b93d200N.exe	41
PID 2016 wrote to memory of 1688	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	42
PID 2016 wrote to memory of 1688	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	42
PID 2016 wrote to memory of 1688	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	42
PID 2016 wrote to memory of 1688	2016	40b774565b57b2baaa0fb9ff4b93d200N.exe	42
PID 2980 wrote to memory of 1752	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	43
PID 2980 wrote to memory of 1752	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	43
PID 2980 wrote to memory of 1752	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	43
PID 2980 wrote to memory of 1752	2980	40b774565b57b2baaa0fb9ff4b93d200N.exe	43
PID 2892 wrote to memory of 1432	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	44
PID 2892 wrote to memory of 1432	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	44
PID 2892 wrote to memory of 1432	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	44
PID 2892 wrote to memory of 1432	2892	40b774565b57b2baaa0fb9ff4b93d200N.exe	44
PID 1400 wrote to memory of 2592	1400	40b774565b57b2baaa0fb9ff4b93d200N.exe	45
PID 1400 wrote to memory of 2592	1400	40b774565b57b2baaa0fb9ff4b93d200N.exe	45
PID 1400 wrote to memory of 2592	1400	40b774565b57b2baaa0fb9ff4b93d200N.exe	45
PID 1400 wrote to memory of 2592	1400	40b774565b57b2baaa0fb9ff4b93d200N.exe	45

C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
"C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        10⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        10⤵
        
        PID:18960
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        10⤵
        
        PID:19828
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:23032
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:19908
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:20592
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:19820
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:19948
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:20608
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:21936
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:22148
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:19884
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:19728
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:22104
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19836
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:20536
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:22004
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:22588
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:20300
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19940
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22556
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:20668
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:21724
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:18944
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:20544
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22244
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:22564
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:19764
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:20576
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:22252
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:20636
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19756
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:21584
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:22548
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19844
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:22200
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:20652
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:19672
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22456
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22448
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19900
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:20388
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:20584
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22400
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:21988
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9624
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:20660
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:22044
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:19780
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:22236
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:22176
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19812
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:18792
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22020
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19924
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19972
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22860
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:20452
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:20280
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22072
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22392
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:8680
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19392
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22408
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:20600
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:21980
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:19788
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:23664
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22160
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:22088
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3932
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:12620
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:14860
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:9708
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:19868
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:22064
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        9⤵
        
        PID:19860
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:22080
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22128
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        8⤵
        
        PID:22416
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:22112
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22276
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19680
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:20340
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:22540
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:20644
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22096
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:21928
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22012
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22284
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19400
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:20560
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:20624
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19740
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:19804
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19772
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22036
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22532
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:20508
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13584
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22140
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22580
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:20552
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:20132
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:20568
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:20736
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19688
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:22464
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:22260
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:19796
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:9728
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:19892
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:19384
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        7⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22424
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:21808
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19988
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22572
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22596
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19748
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:21996
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19852
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:22268
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:22216
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22028
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:22120
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:19956
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:9644
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:12636
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:21748
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:9720
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:20524
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22472
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:20292
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        6⤵
        
        PID:21956
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22168
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:22384
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:18784
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:21756
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:9248
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:12684
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:6792
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:20364
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:20516
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:5116
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:8168
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:14852
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:10396
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:18136
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
        5⤵
        
        PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:18144
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
      "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
      4⤵
      PID:22368
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:11676
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  PID:4064
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:7240
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:11144
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  PID:6188
- - C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
    "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
    3⤵
    PID:14844
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  PID:9264
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  PID:12912
- C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe
  "C:\Users\Admin\AppData\Local\Temp\40b774565b57b2baaa0fb9ff4b93d200N.exe"
  2⤵
  PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob lesbian (Liz,Sylvia).zip.exe

Filesize
562KB

MD5
122badcb248918e4d138367970c2fa3e

SHA1
f4ff1389aa54d25048a2b5c813aaaad869b30562

SHA256
ba6412d23d0c247e21942d2883eb2b8a3875574831b09c377e3a861c362b9176

SHA512
1aba0b64917420373435c93bd358ea792f3b11a28d681e6f4537a81bc7ac8cfa2eb01ed7c484d36b51a8fc10bc62a52e5f77669fdbeff42a8e375b565528afcb

Download Submit
C:\debug.txt

Filesize
183B

MD5
5a8cc2491e0732cf8571aa4e2d18fc85

SHA1
8d7018b637abb88d25903abed1b7a6cf76bf58bc

SHA256
8f05f384c0a0354ebc135c11a75cd47d913e5be9279ad190600071f4f0d0a8ba

SHA512
c7273d48e802e429c6a3fa4d1026c6da2f52b4ce925822ba82f0290fbfd43fad74b76128cdba4d885f392a32e23cf016d16cdb7ad376f25e4c703a0ac47f363d

Download Submit