2449f196b1e25b775ce4ea85a9cb5e312df562ae9aa3d9f89904afa1cf6b41b5

Analysis

max time kernel
20s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 03:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Size

1.8MB
MD5

460fd0d2d9c16c0ce4aef30ec6ec0cf0
SHA1

f4622057fee985ef578f14a22b5936d50990ff5c
SHA256

2449f196b1e25b775ce4ea85a9cb5e312df562ae9aa3d9f89904afa1cf6b41b5
SHA512

57ac12fd40d5e292f1ecba2470cffe09c4ba1bc9fcfba4fba64d5a9e04f0ff247a196804089d74d9d2a7c20b5791a9de3a6625337b58483db7b246c5765fea81
SSDEEP

49152:hJ3I6U92O3FHJs0bQbi02V1MMcuYB6Qu3ndCco5IFrzzxQ1cSR1:f46U91Js0Qbi91MMcuwu3dg5qrPA1R1

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\J:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\P:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\W:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\M:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\O:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\Y:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\T:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\X:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\A:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\E:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\K:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\L:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\Q:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\R:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\Z:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\V:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\B:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\H:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\I:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\N:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\S:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\U:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\brasilian cum [milf] leather .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\IME\shared\spanish trambling [free] ash sm (Christine).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish licking hole (Sylvia).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian kicking lesbian uncut ash shoes .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay fetish masturbation .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal girls .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese trambling nude lesbian vagina .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black animal sleeping .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese sperm [bangbus] hotel .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\System32\DriverStore\Temp\horse fetish [bangbus] (Janette,Karin).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\chinese beast bukkake girls boobs redhair .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nude big ash .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\spanish gang bang full movie wifey .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Windows Journal\Templates\bukkake licking (Kathrin,Janette).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian hardcore [free] cock shoes (Janette).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\porn several models 40+ .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian fucking hidden .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american kicking hidden shoes (Ashley,Karin).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black action fetish [free] glans hairy (Samantha,Sonja).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\DVD Maker\Shared\spanish bukkake horse public mature .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian sperm beast public nipples hairy .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\asian handjob handjob girls .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse beast hidden redhair .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fetish xxx catfight 40+ (Jenna).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american lingerie horse catfight legs stockings .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\brasilian nude horse public ejaculation .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\animal catfight balls (Liz,Anniston).avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\russian gang bang beast girls ash (Tatjana).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian cumshot horse uncut .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\brasilian animal porn girls .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\bukkake action public vagina (Ashley,Liz).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\security\templates\horse handjob sleeping ash .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\chinese kicking catfight feet ìï .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\bukkake public titts mature .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\trambling catfight .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\tyrkish bukkake blowjob masturbation (Jade,Kathrin).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\spanish horse voyeur .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\japanese fetish handjob [bangbus] .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\brasilian bukkake hidden circumcision (Sylvia,Samantha).avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\norwegian horse lesbian .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\beast bukkake [bangbus] glans .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\indian porn [free] feet (Anniston,Tatjana).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\handjob girls feet boots .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\asian sperm lingerie uncut (Sarah).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\spanish lesbian voyeur sweet (Sylvia,Britney).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\cumshot full movie ash YEâPSè& .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\blowjob sleeping .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\german beastiality [milf] fishy .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\black gay full movie vagina ìï .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\Downloaded Program Files\french trambling blowjob [milf] (Sarah).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\chinese lesbian gang bang hot (!) gorgeoushorny .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\brasilian fetish uncut .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american gang bang gay girls gorgeoushorny (Sonja,Britney).avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\chinese trambling catfight femdom .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\british lingerie fetish big .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\african cum trambling masturbation ash .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\japanese gay beastiality full movie girly .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\asian animal licking .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\chinese hardcore lesbian [bangbus] titts hotel .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cumshot xxx sleeping hole .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\german fetish [milf] .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\spanish action lingerie public ash shower (Jenna).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\trambling gay uncut glans high heels .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\german cumshot [free] shower .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\animal fucking several models shoes .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\action action [bangbus] blondie (Karin).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\tmp\norwegian beastiality [free] .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\danish gang bang sperm voyeur high heels .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\german gay catfight (Samantha).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\beast nude masturbation .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\danish gay horse big girly .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\russian lingerie big stockings .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\hardcore gang bang masturbation (Christine).avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\black trambling gay masturbation .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\swedish horse nude uncut glans .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\beast kicking big wifey (Sonja).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\PLA\Templates\action horse lesbian beautyfull .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\horse sperm [free] titts hotel (Sarah,Christine).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian cumshot hot (!) redhair .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\russian xxx [milf] hole leather .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\trambling full movie circumcision (Karin,Ashley).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\japanese gay hardcore hot (!) ash femdom .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\sperm [free] sweet .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\american sperm cum catfight .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\indian beast hidden (Sonja,Jade).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\italian cum trambling sleeping gorgeoushorny .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gang bang nude sleeping vagina swallow .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\nude lesbian legs ejaculation .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\animal uncut .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1708	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1480	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
860	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2332	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1624	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1708	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2504	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1960	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
900	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2588	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2876	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1552	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1480	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
860	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2492	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2952	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2332	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2268	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1564	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1624	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
448	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1708	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1960	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2504	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2504	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
900	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
900	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1220	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1220	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1100	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1100	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
952	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
952	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1328	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1328	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2044	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2044	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1800	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1800	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2588	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2588	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2876	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2720	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	30
PID 3032 wrote to memory of 2720	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	30
PID 3032 wrote to memory of 2720	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	30
PID 3032 wrote to memory of 2720	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	30
PID 2720 wrote to memory of 2724	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	31
PID 2720 wrote to memory of 2724	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	31
PID 2720 wrote to memory of 2724	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	31
PID 2720 wrote to memory of 2724	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	31
PID 3032 wrote to memory of 484	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	32
PID 3032 wrote to memory of 484	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	32
PID 3032 wrote to memory of 484	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	32
PID 3032 wrote to memory of 484	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	32
PID 2724 wrote to memory of 1708	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	33
PID 2724 wrote to memory of 1708	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	33
PID 2724 wrote to memory of 1708	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	33
PID 2724 wrote to memory of 1708	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	33
PID 484 wrote to memory of 1684	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	34
PID 484 wrote to memory of 1684	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	34
PID 484 wrote to memory of 1684	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	34
PID 484 wrote to memory of 1684	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	34
PID 2720 wrote to memory of 1480	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	35
PID 2720 wrote to memory of 1480	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	35
PID 2720 wrote to memory of 1480	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	35
PID 2720 wrote to memory of 1480	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	35
PID 3032 wrote to memory of 860	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	36
PID 3032 wrote to memory of 860	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	36
PID 3032 wrote to memory of 860	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	36
PID 3032 wrote to memory of 860	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	36
PID 1708 wrote to memory of 2332	1708	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	38
PID 1708 wrote to memory of 2332	1708	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	38
PID 1708 wrote to memory of 2332	1708	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	38
PID 1708 wrote to memory of 2332	1708	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	38
PID 2724 wrote to memory of 1624	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	39
PID 2724 wrote to memory of 1624	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	39
PID 2724 wrote to memory of 1624	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	39
PID 2724 wrote to memory of 1624	2724	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	39
PID 1684 wrote to memory of 2504	1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	40
PID 1684 wrote to memory of 2504	1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	40
PID 1684 wrote to memory of 2504	1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	40
PID 1684 wrote to memory of 2504	1684	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	40
PID 1480 wrote to memory of 1960	1480	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	41
PID 1480 wrote to memory of 1960	1480	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	41
PID 1480 wrote to memory of 1960	1480	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	41
PID 1480 wrote to memory of 1960	1480	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	41
PID 860 wrote to memory of 900	860	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	42
PID 860 wrote to memory of 900	860	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	42
PID 860 wrote to memory of 900	860	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	42
PID 860 wrote to memory of 900	860	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	42
PID 484 wrote to memory of 2876	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	43
PID 484 wrote to memory of 2876	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	43
PID 484 wrote to memory of 2876	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	43
PID 484 wrote to memory of 2876	484	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	43
PID 3032 wrote to memory of 2588	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	44
PID 3032 wrote to memory of 2588	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	44
PID 3032 wrote to memory of 2588	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	44
PID 3032 wrote to memory of 2588	3032	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	44
PID 2720 wrote to memory of 1552	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	45
PID 2720 wrote to memory of 1552	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	45
PID 2720 wrote to memory of 1552	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	45
PID 2720 wrote to memory of 1552	2720	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	45
PID 2332 wrote to memory of 2492	2332	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	46
PID 2332 wrote to memory of 2492	2332	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	46
PID 2332 wrote to memory of 2492	2332	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	46
PID 2332 wrote to memory of 2492	2332	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	46

C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
"C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        10⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        10⤵
        
        PID:22964
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:19932
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:19892
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:22908
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:19820
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22988
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:23020
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22980
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:22732
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:19908
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:20384
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:23036
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:22764
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:20332
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:23060
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22884
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:19836
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:22836
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:19860
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:19916
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22932
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:19828
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:23052
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:20020
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:22748
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:20392
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:23300
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:19940
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:22892
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22692
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:23004
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:156
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:19900
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:19980
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:23012
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:20028
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22996
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13404
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:21896
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:20012
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:20560
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:19876
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:19884
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22900
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:21972
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:21988
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:23268
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:22940
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:21980
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:19924
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:22568
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22948
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12788
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:19852
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:23068
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22916
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20324
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:23220
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22876
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:20448
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:19956
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:10680
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:16256
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:19948
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:22844
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:23028
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:16112
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:9692
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:19576
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:484
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        9⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22716
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:20316
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:20208
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:23316
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22972
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20464
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:22700
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:23292
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:22576
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:18580
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:18788
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20952
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:22708
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:19568
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20456
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20580
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20376
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22828
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13432
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:23044
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:20400
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:23260
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:10968
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12356
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:22820
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:14452
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12980
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:9648
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:19972
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:860
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:20424
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:19688
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20216
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20432
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:23244
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:22724
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20708
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:20004
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:20472
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:16168
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:596
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20408
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:348
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:20368
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22664
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:19988
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:23308
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12820
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:16208
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:9980
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:19844
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:18160
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:22924
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:19964
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13348
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:20416
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:288
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:22560
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:20200
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:21964
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:22956
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:9204
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:20224
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:1340
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:23252
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13412
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:14096
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:10688
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:19996
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:3232
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:20360
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:7128
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:10740
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:20540
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:4504
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:7908
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:12964
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:11936
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:6508
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:12876
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:22868
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:9752
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:20440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\italian sperm beast public nipples hairy .zip.exe

Filesize
120KB

MD5
c3b7732a181a640ef5b8f048f735cdd6

SHA1
bfdc8d7143229b77e2a2795968ff49e13785f4b3

SHA256
6d428b0f6baded4b5b74d836f5751558a9c215c5e414c242752beff0560ea32e

SHA512
3074db495431a27b30c5f43512bf9beb3e1c06b8ecfb3beccb48d834264dcbee4417752fc95bd4f33b05ee79ceb6ee44f47c81914da07391bbb5191065a95aa8

Download Submit
C:\debug.txt

Filesize
183B

MD5
f8166d3a4fe50657cb85d25d39a34dde

SHA1
f21946ab1d0988f780a6225c0d99f762bd34be06

SHA256
fa8659c214e0e224cbe7ce37483a2990fa0dce39cf42c9ea878d623118c6b866

SHA512
52889740d28bc45af4c4a88527efe9ebb22634835ac8d6ce14f974db0f6923a6ddf7b194e23031eaa59fa6696a92c26182b85b31e5c9f1dddcdd39d72ba1cf30

Download Submit