688d5b8e4bc68203268ea1b6f9d9932a2cab64087af748acc35b3b9ad364f939

Analysis

max time kernel
25s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 12:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b838aa040f2f71ee8528a8208bc591f0N.exe
Size

2.0MB
MD5

b838aa040f2f71ee8528a8208bc591f0
SHA1

5224188ba110e23451e6ffe25e297c8df4cedb5c
SHA256

688d5b8e4bc68203268ea1b6f9d9932a2cab64087af748acc35b3b9ad364f939
SHA512

2693b2597f28c41d7006972be74b52e400d8752e514f71ff1b0d05f749e278f01dc707fbe78a75f6086f7dda2cf244d613c3f9a50595071b63216925d3540324
SSDEEP

49152:VfrYk96YgBaoODUNw8EerkRHIKNmiDehjjlOj1f+yPK2JRs:FsHBxODUNZBAV0sND3Jy

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	b838aa040f2f71ee8528a8208bc591f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\U:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\V:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\A:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\I:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\J:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\K:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\O:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\X:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\T:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\W:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\Y:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\E:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\G:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\N:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\R:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\S:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\B:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\M:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\Z:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\H:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\L:	b838aa040f2f71ee8528a8208bc591f0N.exe
File opened (read-only)	\??\P:	b838aa040f2f71ee8528a8208bc591f0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\action cum lesbian upskirt .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american gang bang uncut glans hotel (Britney,Anniston).mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake several models .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\porn masturbation ash hairy .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay horse big (Jade).mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\kicking hot (!) high heels (Gina,Jade).mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\nude lesbian [milf] hairy .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking horse [milf] ash (Gina,Sonja).rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian bukkake voyeur (Tatjana,Curtney).zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese blowjob catfight vagina .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian xxx girls vagina wifey .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files\Windows Journal\Templates\tyrkish hardcore horse voyeur ash hairy (Sarah,Christine).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\african cum cum lesbian glans (Tatjana,Melissa).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\fucking fucking licking (Jade,Karin).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files\DVD Maker\Shared\lesbian [free] blondie (Jade,Gina).mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british beast big shower .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Google\Temp\gay gay several models vagina redhair (Tatjana,Kathrin).rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\porn hot (!) granny .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\french animal big .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\british animal action full movie sm .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gang bang nude uncut boobs Œß (Janette).zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\blowjob cumshot hidden titts ¤ã .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian sperm uncut .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay [free] (Melissa,Jenna).rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\african fucking hidden sm .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\gang bang xxx [milf] lady (Tatjana).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\cumshot voyeur .avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\spanish sperm lesbian vagina pregnant .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\action fetish [bangbus] legs (Tatjana,Sarah).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\nude porn several models vagina (Sarah).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\british fetish hot (!) mistress (Anniston).rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore girls .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\malaysia kicking gang bang [milf] .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\brasilian beastiality blowjob full movie granny .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\indian nude handjob hidden ejaculation .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beastiality licking 50+ .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\bukkake catfight fishy .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian gang bang nude big circumcision .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\german animal blowjob voyeur (Liz).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\porn porn hidden titts .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\tyrkish kicking licking girly .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\french fucking lesbian high heels (Christine,Tatjana).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\handjob [milf] cock hotel (Tatjana).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese bukkake trambling [bangbus] leather .avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\security\templates\trambling nude big vagina ash .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\asian beastiality masturbation redhair .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\norwegian bukkake porn hot (!) 40+ (Gina,Sylvia).zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish cumshot big boobs pregnant (Jade).rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\british horse sleeping .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\kicking full movie ash leather .avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\african cumshot full movie girly .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\canadian animal [bangbus] glans leather .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\PLA\Templates\bukkake [free] wifey .avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\canadian horse sleeping ejaculation .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\fetish licking swallow .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\tyrkish trambling horse catfight ash .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\blowjob gay catfight vagina 50+ .avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\tmp\trambling cumshot lesbian .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\spanish horse beast licking boobs traffic .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\brasilian animal [milf] fishy .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\gang bang masturbation redhair .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\italian beast masturbation boobs .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\danish beast hidden .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian porn nude big (Anniston,Ashley).mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian cumshot hidden .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\beast masturbation glans (Sarah,Liz).rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\italian hardcore masturbation YEâPSè& .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\cum [bangbus] castration .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\swedish hardcore blowjob girls balls .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\tyrkish hardcore horse [milf] glans (Anniston,Samantha).mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\german beast beast lesbian lady .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\cumshot horse [milf] ash bedroom .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\brasilian handjob lesbian lesbian (Jenna).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\lesbian hidden bondage .avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\canadian blowjob gang bang [free] hole .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\horse catfight .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\asian animal blowjob full movie titts .zip.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\gay blowjob voyeur glans gorgeoushorny (Kathrin,Liz).rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\trambling voyeur stockings (Jenna,Samantha).mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\malaysia cum cum [free] cock wifey .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lesbian beastiality [free] blondie .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\asian beastiality [free] ash .avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\black action lesbian glans sm .mpeg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\french fetish girls cock .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\horse nude voyeur 50+ (Britney,Sonja).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\indian fucking trambling several models sm (Sarah).avi.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\british horse [bangbus] gorgeoushorny .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish handjob girls mistress .rar.exe	b838aa040f2f71ee8528a8208bc591f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\bukkake fucking lesbian mistress .mpg.exe	b838aa040f2f71ee8528a8208bc591f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3032	b838aa040f2f71ee8528a8208bc591f0N.exe
2768	b838aa040f2f71ee8528a8208bc591f0N.exe
3032	b838aa040f2f71ee8528a8208bc591f0N.exe
2632	b838aa040f2f71ee8528a8208bc591f0N.exe
2116	b838aa040f2f71ee8528a8208bc591f0N.exe
2768	b838aa040f2f71ee8528a8208bc591f0N.exe
3032	b838aa040f2f71ee8528a8208bc591f0N.exe
1644	b838aa040f2f71ee8528a8208bc591f0N.exe
2632	b838aa040f2f71ee8528a8208bc591f0N.exe
1956	b838aa040f2f71ee8528a8208bc591f0N.exe
2960	b838aa040f2f71ee8528a8208bc591f0N.exe
2116	b838aa040f2f71ee8528a8208bc591f0N.exe
2768	b838aa040f2f71ee8528a8208bc591f0N.exe
1960	b838aa040f2f71ee8528a8208bc591f0N.exe
3032	b838aa040f2f71ee8528a8208bc591f0N.exe
2832	b838aa040f2f71ee8528a8208bc591f0N.exe
1644	b838aa040f2f71ee8528a8208bc591f0N.exe
2936	b838aa040f2f71ee8528a8208bc591f0N.exe
2964	b838aa040f2f71ee8528a8208bc591f0N.exe
1828	b838aa040f2f71ee8528a8208bc591f0N.exe
2632	b838aa040f2f71ee8528a8208bc591f0N.exe
1956	b838aa040f2f71ee8528a8208bc591f0N.exe
1528	b838aa040f2f71ee8528a8208bc591f0N.exe
1448	b838aa040f2f71ee8528a8208bc591f0N.exe
2116	b838aa040f2f71ee8528a8208bc591f0N.exe
2768	b838aa040f2f71ee8528a8208bc591f0N.exe
2172	b838aa040f2f71ee8528a8208bc591f0N.exe
2960	b838aa040f2f71ee8528a8208bc591f0N.exe
2300	b838aa040f2f71ee8528a8208bc591f0N.exe
3032	b838aa040f2f71ee8528a8208bc591f0N.exe
1960	b838aa040f2f71ee8528a8208bc591f0N.exe
2664	b838aa040f2f71ee8528a8208bc591f0N.exe
2088	b838aa040f2f71ee8528a8208bc591f0N.exe
1152	b838aa040f2f71ee8528a8208bc591f0N.exe
2832	b838aa040f2f71ee8528a8208bc591f0N.exe
1644	b838aa040f2f71ee8528a8208bc591f0N.exe
2936	b838aa040f2f71ee8528a8208bc591f0N.exe
1724	b838aa040f2f71ee8528a8208bc591f0N.exe
1312	b838aa040f2f71ee8528a8208bc591f0N.exe
948	b838aa040f2f71ee8528a8208bc591f0N.exe
1508	b838aa040f2f71ee8528a8208bc591f0N.exe
1828	b838aa040f2f71ee8528a8208bc591f0N.exe
2964	b838aa040f2f71ee8528a8208bc591f0N.exe
1956	b838aa040f2f71ee8528a8208bc591f0N.exe
2768	b838aa040f2f71ee8528a8208bc591f0N.exe
2768	b838aa040f2f71ee8528a8208bc591f0N.exe
2116	b838aa040f2f71ee8528a8208bc591f0N.exe
2116	b838aa040f2f71ee8528a8208bc591f0N.exe
2632	b838aa040f2f71ee8528a8208bc591f0N.exe
2632	b838aa040f2f71ee8528a8208bc591f0N.exe
3048	b838aa040f2f71ee8528a8208bc591f0N.exe
3048	b838aa040f2f71ee8528a8208bc591f0N.exe
1528	b838aa040f2f71ee8528a8208bc591f0N.exe
1528	b838aa040f2f71ee8528a8208bc591f0N.exe
324	b838aa040f2f71ee8528a8208bc591f0N.exe
324	b838aa040f2f71ee8528a8208bc591f0N.exe
1576	b838aa040f2f71ee8528a8208bc591f0N.exe
1576	b838aa040f2f71ee8528a8208bc591f0N.exe
1428	b838aa040f2f71ee8528a8208bc591f0N.exe
1428	b838aa040f2f71ee8528a8208bc591f0N.exe
1432	b838aa040f2f71ee8528a8208bc591f0N.exe
1432	b838aa040f2f71ee8528a8208bc591f0N.exe
1016	b838aa040f2f71ee8528a8208bc591f0N.exe
1016	b838aa040f2f71ee8528a8208bc591f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2768	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	31
PID 3032 wrote to memory of 2768	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	31
PID 3032 wrote to memory of 2768	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	31
PID 3032 wrote to memory of 2768	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	31
PID 2768 wrote to memory of 2632	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	32
PID 2768 wrote to memory of 2632	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	32
PID 2768 wrote to memory of 2632	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	32
PID 2768 wrote to memory of 2632	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	32
PID 3032 wrote to memory of 2116	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	33
PID 3032 wrote to memory of 2116	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	33
PID 3032 wrote to memory of 2116	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	33
PID 3032 wrote to memory of 2116	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	33
PID 2632 wrote to memory of 1644	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	34
PID 2632 wrote to memory of 1644	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	34
PID 2632 wrote to memory of 1644	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	34
PID 2632 wrote to memory of 1644	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	34
PID 2116 wrote to memory of 1956	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	35
PID 2116 wrote to memory of 1956	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	35
PID 2116 wrote to memory of 1956	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	35
PID 2116 wrote to memory of 1956	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	35
PID 2768 wrote to memory of 2960	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	36
PID 2768 wrote to memory of 2960	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	36
PID 2768 wrote to memory of 2960	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	36
PID 2768 wrote to memory of 2960	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	36
PID 3032 wrote to memory of 1960	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	37
PID 3032 wrote to memory of 1960	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	37
PID 3032 wrote to memory of 1960	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	37
PID 3032 wrote to memory of 1960	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	37
PID 1644 wrote to memory of 2832	1644	b838aa040f2f71ee8528a8208bc591f0N.exe	38
PID 1644 wrote to memory of 2832	1644	b838aa040f2f71ee8528a8208bc591f0N.exe	38
PID 1644 wrote to memory of 2832	1644	b838aa040f2f71ee8528a8208bc591f0N.exe	38
PID 1644 wrote to memory of 2832	1644	b838aa040f2f71ee8528a8208bc591f0N.exe	38
PID 2632 wrote to memory of 2936	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	39
PID 2632 wrote to memory of 2936	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	39
PID 2632 wrote to memory of 2936	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	39
PID 2632 wrote to memory of 2936	2632	b838aa040f2f71ee8528a8208bc591f0N.exe	39
PID 1956 wrote to memory of 2964	1956	b838aa040f2f71ee8528a8208bc591f0N.exe	40
PID 1956 wrote to memory of 2964	1956	b838aa040f2f71ee8528a8208bc591f0N.exe	40
PID 1956 wrote to memory of 2964	1956	b838aa040f2f71ee8528a8208bc591f0N.exe	40
PID 1956 wrote to memory of 2964	1956	b838aa040f2f71ee8528a8208bc591f0N.exe	40
PID 2960 wrote to memory of 1828	2960	b838aa040f2f71ee8528a8208bc591f0N.exe	41
PID 2960 wrote to memory of 1828	2960	b838aa040f2f71ee8528a8208bc591f0N.exe	41
PID 2960 wrote to memory of 1828	2960	b838aa040f2f71ee8528a8208bc591f0N.exe	41
PID 2960 wrote to memory of 1828	2960	b838aa040f2f71ee8528a8208bc591f0N.exe	41
PID 2116 wrote to memory of 1528	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	42
PID 2116 wrote to memory of 1528	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	42
PID 2116 wrote to memory of 1528	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	42
PID 2116 wrote to memory of 1528	2116	b838aa040f2f71ee8528a8208bc591f0N.exe	42
PID 2768 wrote to memory of 1448	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	43
PID 2768 wrote to memory of 1448	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	43
PID 2768 wrote to memory of 1448	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	43
PID 2768 wrote to memory of 1448	2768	b838aa040f2f71ee8528a8208bc591f0N.exe	43
PID 3032 wrote to memory of 2300	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	44
PID 3032 wrote to memory of 2300	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	44
PID 3032 wrote to memory of 2300	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	44
PID 3032 wrote to memory of 2300	3032	b838aa040f2f71ee8528a8208bc591f0N.exe	44
PID 1960 wrote to memory of 2172	1960	b838aa040f2f71ee8528a8208bc591f0N.exe	45
PID 1960 wrote to memory of 2172	1960	b838aa040f2f71ee8528a8208bc591f0N.exe	45
PID 1960 wrote to memory of 2172	1960	b838aa040f2f71ee8528a8208bc591f0N.exe	45
PID 1960 wrote to memory of 2172	1960	b838aa040f2f71ee8528a8208bc591f0N.exe	45
PID 2832 wrote to memory of 2088	2832	b838aa040f2f71ee8528a8208bc591f0N.exe	46
PID 2832 wrote to memory of 2088	2832	b838aa040f2f71ee8528a8208bc591f0N.exe	46
PID 2832 wrote to memory of 2088	2832	b838aa040f2f71ee8528a8208bc591f0N.exe	46
PID 2832 wrote to memory of 2088	2832	b838aa040f2f71ee8528a8208bc591f0N.exe	46

C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
"C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        10⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        10⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:10916
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:9060
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:156
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14384
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:9832
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10136
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:12712
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:9880
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10112
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:14392
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:14180
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        9⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        8⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:9848
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:9044
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:12896
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10976
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14408
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:11308
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:11412
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:8576
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:11956
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        7⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10088
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10992
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:13340
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:14036
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:14052
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:11040
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        6⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:11612
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:12752
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:12864
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:6912
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:9020
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  PID:716
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
        5⤵
        
        PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:13488
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:8392
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:14340
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:9036
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  PID:3080
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
      4⤵
      PID:10120
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:8292
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:14068
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  PID:4612
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:7508
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:14252
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  PID:6880
- - C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
    3⤵
    PID:13596
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  PID:8996
- C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\b838aa040f2f71ee8528a8208bc591f0N.exe"
  2⤵
  PID:14660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\british beast big shower .mpg.exe

Filesize
88KB

MD5
4263dbb0f93add421d07f5036ceea11a

SHA1
ed6443240992a4625d039f4abe5046e89e393d14

SHA256
f949949bc022f368ab7ce1fc184366f20666ed5952cc9e09af64b813417c2f74

SHA512
81baea2dde1231dec9bf8d80256a040d2366250708dd11ad8dd238e5041c8c56d6b071d60128e8c9343216d85df49583b54b8fb9058c0400ed9eb447c2f0e310

Download Submit
C:\debug.txt

Filesize
183B

MD5
5b0d1941d10933649e5ac3bd2b16d7a3

SHA1
099f3dddfc1f9ad8777033b012b3b7811725eb1b

SHA256
d697193469d88c0044418c879ca45f9190ffff7c6676282f27616ff8491e4244

SHA512
23312d2e78c59c19ce02d4f09b0982bb7d9fd54b5e07230380d6c61c69b4b84f716c8948239392c16f95b131284ab3bf8952086d1c6ea98fc605875f8a101445

Download Submit
memory/716-146-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/868-156-0x0000000000810000-0x000000000083B000-memory.dmp

Filesize
172KB

Download
memory/868-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/948-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/948-166-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1016-145-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1152-124-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1152-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1312-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1312-162-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/1312-128-0x0000000004460000-0x000000000448B000-memory.dmp

Filesize
172KB

Download
memory/1428-143-0x0000000000760000-0x000000000078B000-memory.dmp

Filesize
172KB

Download
memory/1432-144-0x0000000004690000-0x00000000046BB000-memory.dmp

Filesize
172KB

Download
memory/1448-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1448-137-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1508-170-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1508-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1528-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1576-140-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1628-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1628-157-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/1644-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1644-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1664-147-0x0000000001EA0000-0x0000000001ECB000-memory.dmp

Filesize
172KB

Download
memory/1724-171-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/1724-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-133-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1744-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1828-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1828-129-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1856-148-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1856-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1888-151-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1888-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1956-130-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/1956-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1956-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1960-114-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/1960-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2088-119-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2088-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2116-135-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2116-92-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2116-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2116-89-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2172-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2172-113-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/2300-115-0x00000000047B0000-0x00000000047DB000-memory.dmp

Filesize
172KB

Download
memory/2300-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2300-142-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2632-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-136-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2632-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-90-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2664-150-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2664-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2664-117-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2672-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2708-174-0x0000000001DA0000-0x0000000001DCB000-memory.dmp

Filesize
172KB

Download
memory/2768-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2768-169-0x0000000004BC0000-0x0000000004BEB000-memory.dmp

Filesize
172KB

Download
memory/2768-134-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2768-52-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2768-87-0x0000000004BC0000-0x0000000004BEB000-memory.dmp

Filesize
172KB

Download
memory/2832-159-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2832-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2832-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2832-121-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2832-103-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2936-106-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2936-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2936-125-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2936-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-138-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2964-161-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/2964-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3032-51-0x00000000046F0000-0x000000000471B000-memory.dmp

Filesize
172KB

Download
memory/3032-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3032-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3032-141-0x00000000046F0000-0x000000000471B000-memory.dmp

Filesize
172KB

Download
memory/3048-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3048-139-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/3056-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3476-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3512-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3524-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3580-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3608-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3672-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3704-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3712-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3768-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3784-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download