a9ac43d278cd2ad4bbf59dcc0744c8bdc5abfcf6273406933de6cc2e22386565

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 01:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

419ededc0c83aff356be011e8f7002f0N.exe
Size

1.2MB
MD5

419ededc0c83aff356be011e8f7002f0
SHA1

04069403be11301165b59a222f352dd8489a1c64
SHA256

a9ac43d278cd2ad4bbf59dcc0744c8bdc5abfcf6273406933de6cc2e22386565
SHA512

3c7e6b00e5b6b8b8cc0d6972bb52ce33a6a1877c93025b4e7607b620d768104e306e1c15787b26e3073cdce1669a680bcb6d3d87d89674a9cdfd1ac19097974c
SSDEEP

24576:oWWIP2vdmzfGbQJB15300pUXjFQ3t12nEW7ZhJYvqB+taZDExhekMd3TbZ:VXcmzGb4F00pkWGTDJYvqUcka/Z

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	419ededc0c83aff356be011e8f7002f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\K:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\P:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\R:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\V:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\A:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\L:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\M:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\U:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\W:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\G:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\N:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\S:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\T:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\X:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\Y:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\Z:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\B:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\E:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\H:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\J:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\O:	419ededc0c83aff356be011e8f7002f0N.exe
File opened (read-only)	\??\Q:	419ededc0c83aff356be011e8f7002f0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\gay girls pregnant .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian porn xxx big feet traffic (Liz).mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish kicking horse girls cock ash (Karin).avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian blowjob voyeur mistress .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\russian horse hardcore several models (Janette).avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\russian cumshot beast licking feet .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian fetish horse [milf] glans sweet (Tatjana).avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake hot (!) hole .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake big .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\xxx hidden feet .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast licking ejaculation .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lingerie several models (Melissa).avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish action hardcore big cock high heels .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish action xxx masturbation hole .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese handjob horse hot (!) feet .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\tyrkish fetish gay hot (!) femdom .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian animal beast full movie hole .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american kicking blowjob sleeping young (Sonja,Janette).zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay full movie castration (Sonja,Samantha).mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files\DVD Maker\Shared\swedish kicking blowjob hidden cock mistress .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files\Windows Journal\Templates\trambling sleeping shower .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast several models .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\brasilian kicking xxx [bangbus] hole 40+ (Curtney).rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish handjob sperm several models .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian gang bang lesbian public .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\gay catfight upskirt .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore full movie .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\blowjob licking bedroom .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\norwegian hardcore voyeur .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\russian animal horse girls gorgeoushorny .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\temp\hardcore [free] ìï .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish animal bukkake public balls .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\sperm catfight cock .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\german lesbian girls (Karin).rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking hot (!) .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\handjob lesbian public cock pregnant (Samantha).zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\trambling lesbian glans bondage .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lingerie uncut cock .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\trambling sleeping glans high heels .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\hardcore lesbian mature .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\cum blowjob masturbation feet circumcision .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\spanish trambling public .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\canadian hardcore big titts (Sonja,Janette).rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\black handjob hardcore [milf] hole lady .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\tyrkish beastiality sperm catfight mature .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\animal xxx hidden glans .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\xxx catfight .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\black porn horse voyeur feet hairy .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\mssrv.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian beastiality hardcore hidden glans ash (Melissa).zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\german gay hot (!) 40+ (Gina,Melissa).rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\norwegian gay [free] pregnant .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian animal xxx catfight titts .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\american kicking horse hot (!) titts wifey (Samantha).mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\african beast [free] femdom .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\american beastiality lingerie public .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian handjob lesbian masturbation (Melissa).zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\brasilian gang bang bukkake lesbian feet mature (Sylvia).rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\indian nude lingerie hot (!) hole (Kathrin,Janette).mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\lesbian hidden upskirt .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\gay [bangbus] glans .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish beastiality horse uncut traffic .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\Downloaded Program Files\italian gang bang fucking masturbation mature .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\PLA\Templates\beast catfight wifey .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\british xxx uncut (Sylvia).avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\chinese sperm full movie circumcision .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\kicking blowjob [milf] gorgeoushorny (Kathrin,Tatjana).zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\canadian gay big hole .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\black cumshot horse [free] beautyfull .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\russian nude bukkake public .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\american cumshot xxx sleeping lady .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\horse licking (Samantha).mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\handjob fucking full movie feet .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\InstallTemp\chinese fucking [bangbus] titts hotel .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\danish handjob fucking public fishy .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\french beast big mistress .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish cum xxx girls feet femdom (Tatjana).mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\norwegian fucking full movie titts .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\asian xxx full movie cock redhair .mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\norwegian trambling hot (!) glans .rar.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\lesbian public ìï (Jenna,Samantha).avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\russian horse gay [free] shoes (Sandy,Sylvia).avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\italian cumshot beast big circumcision .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\horse fucking full movie 40+ .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\security\templates\tyrkish porn lingerie big titts .avi.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore voyeur penetration .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish porn xxx voyeur hole young .mpeg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\horse full movie latex (Anniston,Curtney).mpg.exe	419ededc0c83aff356be011e8f7002f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\indian action hardcore public titts .zip.exe	419ededc0c83aff356be011e8f7002f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2644	419ededc0c83aff356be011e8f7002f0N.exe
2552	419ededc0c83aff356be011e8f7002f0N.exe
2644	419ededc0c83aff356be011e8f7002f0N.exe
584	419ededc0c83aff356be011e8f7002f0N.exe
2960	419ededc0c83aff356be011e8f7002f0N.exe
2552	419ededc0c83aff356be011e8f7002f0N.exe
2644	419ededc0c83aff356be011e8f7002f0N.exe
2172	419ededc0c83aff356be011e8f7002f0N.exe
1952	419ededc0c83aff356be011e8f7002f0N.exe
2264	419ededc0c83aff356be011e8f7002f0N.exe
584	419ededc0c83aff356be011e8f7002f0N.exe
1788	419ededc0c83aff356be011e8f7002f0N.exe
2644	419ededc0c83aff356be011e8f7002f0N.exe
2960	419ededc0c83aff356be011e8f7002f0N.exe
2552	419ededc0c83aff356be011e8f7002f0N.exe
808	419ededc0c83aff356be011e8f7002f0N.exe
2172	419ededc0c83aff356be011e8f7002f0N.exe
1320	419ededc0c83aff356be011e8f7002f0N.exe
376	419ededc0c83aff356be011e8f7002f0N.exe
584	419ededc0c83aff356be011e8f7002f0N.exe
2264	419ededc0c83aff356be011e8f7002f0N.exe
2204	419ededc0c83aff356be011e8f7002f0N.exe
1952	419ededc0c83aff356be011e8f7002f0N.exe
1732	419ededc0c83aff356be011e8f7002f0N.exe
1696	419ededc0c83aff356be011e8f7002f0N.exe
340	419ededc0c83aff356be011e8f7002f0N.exe
1928	419ededc0c83aff356be011e8f7002f0N.exe
2644	419ededc0c83aff356be011e8f7002f0N.exe
2552	419ededc0c83aff356be011e8f7002f0N.exe
1788	419ededc0c83aff356be011e8f7002f0N.exe
2960	419ededc0c83aff356be011e8f7002f0N.exe
2224	419ededc0c83aff356be011e8f7002f0N.exe
2140	419ededc0c83aff356be011e8f7002f0N.exe
808	419ededc0c83aff356be011e8f7002f0N.exe
2180	419ededc0c83aff356be011e8f7002f0N.exe
2172	419ededc0c83aff356be011e8f7002f0N.exe
1320	419ededc0c83aff356be011e8f7002f0N.exe
2044	419ededc0c83aff356be011e8f7002f0N.exe
1812	419ededc0c83aff356be011e8f7002f0N.exe
376	419ededc0c83aff356be011e8f7002f0N.exe
584	419ededc0c83aff356be011e8f7002f0N.exe
2264	419ededc0c83aff356be011e8f7002f0N.exe
2264	419ededc0c83aff356be011e8f7002f0N.exe
2072	419ededc0c83aff356be011e8f7002f0N.exe
2072	419ededc0c83aff356be011e8f7002f0N.exe
2040	419ededc0c83aff356be011e8f7002f0N.exe
2040	419ededc0c83aff356be011e8f7002f0N.exe
1952	419ededc0c83aff356be011e8f7002f0N.exe
1952	419ededc0c83aff356be011e8f7002f0N.exe
2828	419ededc0c83aff356be011e8f7002f0N.exe
2828	419ededc0c83aff356be011e8f7002f0N.exe
408	419ededc0c83aff356be011e8f7002f0N.exe
408	419ededc0c83aff356be011e8f7002f0N.exe
1140	419ededc0c83aff356be011e8f7002f0N.exe
1140	419ededc0c83aff356be011e8f7002f0N.exe
2948	419ededc0c83aff356be011e8f7002f0N.exe
2948	419ededc0c83aff356be011e8f7002f0N.exe
704	419ededc0c83aff356be011e8f7002f0N.exe
704	419ededc0c83aff356be011e8f7002f0N.exe
2644	419ededc0c83aff356be011e8f7002f0N.exe
2644	419ededc0c83aff356be011e8f7002f0N.exe
2552	419ededc0c83aff356be011e8f7002f0N.exe
2552	419ededc0c83aff356be011e8f7002f0N.exe
836	419ededc0c83aff356be011e8f7002f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2552	2644	419ededc0c83aff356be011e8f7002f0N.exe	30
PID 2644 wrote to memory of 2552	2644	419ededc0c83aff356be011e8f7002f0N.exe	30
PID 2644 wrote to memory of 2552	2644	419ededc0c83aff356be011e8f7002f0N.exe	30
PID 2644 wrote to memory of 2552	2644	419ededc0c83aff356be011e8f7002f0N.exe	30
PID 2552 wrote to memory of 584	2552	419ededc0c83aff356be011e8f7002f0N.exe	31
PID 2552 wrote to memory of 584	2552	419ededc0c83aff356be011e8f7002f0N.exe	31
PID 2552 wrote to memory of 584	2552	419ededc0c83aff356be011e8f7002f0N.exe	31
PID 2552 wrote to memory of 584	2552	419ededc0c83aff356be011e8f7002f0N.exe	31
PID 2644 wrote to memory of 2960	2644	419ededc0c83aff356be011e8f7002f0N.exe	32
PID 2644 wrote to memory of 2960	2644	419ededc0c83aff356be011e8f7002f0N.exe	32
PID 2644 wrote to memory of 2960	2644	419ededc0c83aff356be011e8f7002f0N.exe	32
PID 2644 wrote to memory of 2960	2644	419ededc0c83aff356be011e8f7002f0N.exe	32
PID 584 wrote to memory of 2172	584	419ededc0c83aff356be011e8f7002f0N.exe	33
PID 584 wrote to memory of 2172	584	419ededc0c83aff356be011e8f7002f0N.exe	33
PID 584 wrote to memory of 2172	584	419ededc0c83aff356be011e8f7002f0N.exe	33
PID 584 wrote to memory of 2172	584	419ededc0c83aff356be011e8f7002f0N.exe	33
PID 2960 wrote to memory of 1952	2960	419ededc0c83aff356be011e8f7002f0N.exe	34
PID 2960 wrote to memory of 1952	2960	419ededc0c83aff356be011e8f7002f0N.exe	34
PID 2960 wrote to memory of 1952	2960	419ededc0c83aff356be011e8f7002f0N.exe	34
PID 2960 wrote to memory of 1952	2960	419ededc0c83aff356be011e8f7002f0N.exe	34
PID 2552 wrote to memory of 2264	2552	419ededc0c83aff356be011e8f7002f0N.exe	35
PID 2552 wrote to memory of 2264	2552	419ededc0c83aff356be011e8f7002f0N.exe	35
PID 2552 wrote to memory of 2264	2552	419ededc0c83aff356be011e8f7002f0N.exe	35
PID 2552 wrote to memory of 2264	2552	419ededc0c83aff356be011e8f7002f0N.exe	35
PID 2644 wrote to memory of 1788	2644	419ededc0c83aff356be011e8f7002f0N.exe	36
PID 2644 wrote to memory of 1788	2644	419ededc0c83aff356be011e8f7002f0N.exe	36
PID 2644 wrote to memory of 1788	2644	419ededc0c83aff356be011e8f7002f0N.exe	36
PID 2644 wrote to memory of 1788	2644	419ededc0c83aff356be011e8f7002f0N.exe	36
PID 2172 wrote to memory of 808	2172	419ededc0c83aff356be011e8f7002f0N.exe	37
PID 2172 wrote to memory of 808	2172	419ededc0c83aff356be011e8f7002f0N.exe	37
PID 2172 wrote to memory of 808	2172	419ededc0c83aff356be011e8f7002f0N.exe	37
PID 2172 wrote to memory of 808	2172	419ededc0c83aff356be011e8f7002f0N.exe	37
PID 1952 wrote to memory of 376	1952	419ededc0c83aff356be011e8f7002f0N.exe	38
PID 1952 wrote to memory of 376	1952	419ededc0c83aff356be011e8f7002f0N.exe	38
PID 1952 wrote to memory of 376	1952	419ededc0c83aff356be011e8f7002f0N.exe	38
PID 1952 wrote to memory of 376	1952	419ededc0c83aff356be011e8f7002f0N.exe	38
PID 584 wrote to memory of 1320	584	419ededc0c83aff356be011e8f7002f0N.exe	39
PID 584 wrote to memory of 1320	584	419ededc0c83aff356be011e8f7002f0N.exe	39
PID 584 wrote to memory of 1320	584	419ededc0c83aff356be011e8f7002f0N.exe	39
PID 584 wrote to memory of 1320	584	419ededc0c83aff356be011e8f7002f0N.exe	39
PID 2264 wrote to memory of 2204	2264	419ededc0c83aff356be011e8f7002f0N.exe	40
PID 2264 wrote to memory of 2204	2264	419ededc0c83aff356be011e8f7002f0N.exe	40
PID 2264 wrote to memory of 2204	2264	419ededc0c83aff356be011e8f7002f0N.exe	40
PID 2264 wrote to memory of 2204	2264	419ededc0c83aff356be011e8f7002f0N.exe	40
PID 2644 wrote to memory of 1696	2644	419ededc0c83aff356be011e8f7002f0N.exe	41
PID 2644 wrote to memory of 1696	2644	419ededc0c83aff356be011e8f7002f0N.exe	41
PID 2644 wrote to memory of 1696	2644	419ededc0c83aff356be011e8f7002f0N.exe	41
PID 2644 wrote to memory of 1696	2644	419ededc0c83aff356be011e8f7002f0N.exe	41
PID 2552 wrote to memory of 340	2552	419ededc0c83aff356be011e8f7002f0N.exe	42
PID 2552 wrote to memory of 340	2552	419ededc0c83aff356be011e8f7002f0N.exe	42
PID 2552 wrote to memory of 340	2552	419ededc0c83aff356be011e8f7002f0N.exe	42
PID 2552 wrote to memory of 340	2552	419ededc0c83aff356be011e8f7002f0N.exe	42
PID 1788 wrote to memory of 1732	1788	419ededc0c83aff356be011e8f7002f0N.exe	43
PID 1788 wrote to memory of 1732	1788	419ededc0c83aff356be011e8f7002f0N.exe	43
PID 1788 wrote to memory of 1732	1788	419ededc0c83aff356be011e8f7002f0N.exe	43
PID 1788 wrote to memory of 1732	1788	419ededc0c83aff356be011e8f7002f0N.exe	43
PID 2960 wrote to memory of 1928	2960	419ededc0c83aff356be011e8f7002f0N.exe	44
PID 2960 wrote to memory of 1928	2960	419ededc0c83aff356be011e8f7002f0N.exe	44
PID 2960 wrote to memory of 1928	2960	419ededc0c83aff356be011e8f7002f0N.exe	44
PID 2960 wrote to memory of 1928	2960	419ededc0c83aff356be011e8f7002f0N.exe	44
PID 808 wrote to memory of 2224	808	419ededc0c83aff356be011e8f7002f0N.exe	45
PID 808 wrote to memory of 2224	808	419ededc0c83aff356be011e8f7002f0N.exe	45
PID 808 wrote to memory of 2224	808	419ededc0c83aff356be011e8f7002f0N.exe	45
PID 808 wrote to memory of 2224	808	419ededc0c83aff356be011e8f7002f0N.exe	45

C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
"C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:584
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        10⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        10⤵
        
        PID:20356
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        10⤵
        
        PID:19896
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:19056
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:19712
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19188
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:19332
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19680
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19160
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:18536
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19136
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:19928
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19292
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19736
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:20888
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19912
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:21324
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:20584
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19616
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19404
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:21764
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19180
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19872
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:18712
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:18920
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19436
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:23460
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19640
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19324
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19568
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19672
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19204
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19088
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19444
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19664
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19276
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19728
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19864
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:20564
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:23348
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19816
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19472
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19024
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19840
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19776
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:18496
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19428
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:21756
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19800
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13912
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:19760
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19544
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19228
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19648
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19268
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19808
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19372
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19792
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19720
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:23356
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19396
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:17704
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:20556
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:280
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19388
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:20404
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19104
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13896
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:340
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19252
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19704
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:20472
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19528
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:20804
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:20264
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19496
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19300
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:408
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19920
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19824
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19552
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19688
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:20920
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13608
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19536
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:20412
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19260
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:20824
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:11884
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:12836
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:18968
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        9⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19040
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:19856
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19316
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19380
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19128
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:20512
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19936
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:20500
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19220
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19904
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19212
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19520
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19624
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:23452
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19244
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13044
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:22860
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:18952
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19308
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13568
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:20524
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:20896
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19120
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:18988
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19632
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19340
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:18520
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:21748
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19048
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19880
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:18996
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19944
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:18528
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19032
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13076
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13616
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:9156
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:19068
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19488
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:22756
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:19144
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19480
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19412
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19832
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19696
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        7⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19504
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:21772
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:20904
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:21164
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19888
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13228
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:792
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19464
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:14012
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:12964
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13648
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:19008
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19236
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        6⤵
        
        PID:19768
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19512
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19560
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:20420
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19420
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19172
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19752
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:21332
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:17304
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:20396
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13148
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19784
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:18504
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19016
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:24408
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:8736
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:19656
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
        5⤵
        
        PID:19576
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:13816
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:18512
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:10192
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:19076
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  PID:4140
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
      4⤵
      PID:19364
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:11892
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  PID:5920
- - C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
    3⤵
    PID:11752
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  PID:8844
- C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\419ededc0c83aff356be011e8f7002f0N.exe"
  2⤵
  PID:19452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\beast several models .avi.exe

Filesize
1.4MB

MD5
30db6d40397bb73189e7094d33460067

SHA1
dcce502f7b3d6b47e767741166f37c82016c5827

SHA256
ad56ef5502368637b77a3be2cdcd952690307a6071a94fd494fc160f0a699c45

SHA512
1f3adddfb861aca7d20bb2c1c80cc028ce53250de3afa4b6d7d85148d216d563dc99e8a513d3b2f4e3713404bee168bbb7fc55ab5e4ceff1951fc424477bc9e3

Download Submit