2c3632b9b270c71263b973ee449818526b22d10b5de896568b466d0bf13f49cd

Analysis

max time kernel
25s
max time network
94s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
Size

1.4MB
MD5

6464a5eaa0c8bc757ed0a2d2f1f8d900
SHA1

0714ac967da0c47a7a925b620b8bdc21af85284e
SHA256

2c3632b9b270c71263b973ee449818526b22d10b5de896568b466d0bf13f49cd
SHA512

11d60d58241db03420d977b77624631e5f7c16adda01781271393b780760abb31626f42ed3e6d4238dd5108a9a27c462f0e24629fd1a575fe52e08611ffa37b8
SSDEEP

24576:oWQrtgYq4XX7ekMoN+Z5ymRBOIqlNoF3FH83exHnF7OulcrPYuHKe+Z9Jtw:VSzXik3N+Z5ymuN08GHoulbW+ZK

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\J:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\K:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\O:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\P:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\U:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\M:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\Q:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\V:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\X:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\Y:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\B:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\E:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\G:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\H:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\W:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\Z:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\A:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\L:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\N:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\R:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\S:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File opened (read-only)	\??\T:	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\danish hardcore beast big .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish gay big (Janette).avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian gay kicking licking (Britney,Jenna).mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SysWOW64\IME\shared\black porn horse several models feet .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish hardcore voyeur nipples lady .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian animal several models boobs ash .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\System32\DriverStore\Temp\asian hardcore licking .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french lingerie catfight pregnant (Christine).mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\cum sperm [milf] redhair .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish handjob uncut .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\danish nude handjob public (Curtney).mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\canadian kicking masturbation glans .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\xxx nude public circumcision .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Google\Temp\american trambling xxx licking ash shoes .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie horse [free] bondage (Sonja,Jade).rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian lingerie lesbian masturbation girly .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files\Windows Journal\Templates\norwegian sperm fucking hot (!) .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian cum trambling licking stockings .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\horse hot (!) glans .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian bukkake lesbian uncut beautyfull .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\brasilian horse [bangbus] beautyfull .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\handjob porn [milf] vagina shower .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gay porn several models lady (Jenna,Jade).mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish lingerie bukkake masturbation high heels .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\nude uncut upskirt .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\beast lingerie [bangbus] vagina .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\spanish beastiality fucking uncut (Tatjana).avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\cum nude sleeping legs .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\malaysia horse uncut .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\indian beastiality hidden mistress .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\kicking beastiality [bangbus] mistress .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\norwegian beastiality lesbian hole black hairunshaved (Melissa,Christine).rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british cumshot full movie vagina .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\swedish sperm uncut leather .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\danish beastiality handjob [free] vagina castration .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\lesbian handjob voyeur redhair .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\danish lingerie xxx girls vagina blondie .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\british blowjob lingerie lesbian hole lady .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\Downloaded Program Files\german cumshot licking cock .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\american beastiality nude masturbation balls .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\spanish handjob xxx uncut nipples castration (Sandy).avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\sperm big hole (Sonja,Jenna).zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\canadian bukkake gay uncut stockings (Sylvia).rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast full movie .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\fetish public .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia nude lingerie girls high heels .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\spanish horse cumshot public .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\animal bukkake big .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\african beast fetish public balls .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\russian sperm hidden legs .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\lingerie trambling licking redhair .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black horse fucking sleeping YEâPSè& (Sylvia).mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\horse public penetration .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\handjob sleeping femdom (Ashley).zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\danish blowjob sleeping cock (Sandy,Samantha).mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\japanese lesbian [bangbus] nipples high heels (Britney,Liz).zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\spanish hardcore sleeping .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\gang bang hidden feet wifey .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\trambling voyeur balls .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\british horse hidden nipples traffic (Janette,Samantha).rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\action sleeping penetration (Jade).zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\danish cumshot horse big ìï .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\InstallTemp\handjob horse [bangbus] .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\handjob full movie vagina high heels .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\beastiality lesbian upskirt .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\japanese hardcore catfight circumcision (Liz,Melissa).mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob fetish masturbation 50+ .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\british gay public 40+ .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish cumshot horse girls vagina traffic .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\german lingerie lingerie full movie shower (Christine,Kathrin).mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\african hardcore big legs .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\bukkake bukkake several models boots .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\black lingerie sperm big feet .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\asian porn beast sleeping fishy (Sonja).avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\gang bang [free] high heels .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\mssrv.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\french horse hidden boots .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cumshot beast full movie ash (Sonja,Melissa).avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\nude girls nipples shoes .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\animal action sleeping 50+ .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\norwegian trambling porn sleeping swallow .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\lesbian [free] (Sarah,Samantha).rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\sperm animal full movie YEâPSè& .mpeg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\Temp\swedish trambling [free] .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\russian beastiality catfight (Christine).mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\cum several models ash beautyfull .avi.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\assembly\tmp\black fucking full movie beautyfull .zip.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\german xxx gang bang uncut ìï .rar.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\japanese trambling [milf] .mpg.exe	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1604	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1544	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
584	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1832	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1620	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1588	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1248	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1604	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2800	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2588	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2660	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1544	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1772	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
584	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2304	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1416	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1832	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
444	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2400	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2560	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1620	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2940	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1588	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1248	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1296	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2800	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
624	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1696	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1604	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1180	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1544	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1772	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
584	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
996	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2904	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2588	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1240	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1224	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
2660	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
952	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
952	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2688	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	30
PID 2516 wrote to memory of 2688	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	30
PID 2516 wrote to memory of 2688	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	30
PID 2516 wrote to memory of 2688	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	30
PID 2688 wrote to memory of 1948	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	31
PID 2688 wrote to memory of 1948	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	31
PID 2688 wrote to memory of 1948	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	31
PID 2688 wrote to memory of 1948	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	31
PID 2516 wrote to memory of 1776	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	32
PID 2516 wrote to memory of 1776	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	32
PID 2516 wrote to memory of 1776	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	32
PID 2516 wrote to memory of 1776	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	32
PID 1948 wrote to memory of 1604	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	33
PID 1948 wrote to memory of 1604	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	33
PID 1948 wrote to memory of 1604	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	33
PID 1948 wrote to memory of 1604	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	33
PID 1776 wrote to memory of 1544	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	34
PID 1776 wrote to memory of 1544	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	34
PID 1776 wrote to memory of 1544	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	34
PID 1776 wrote to memory of 1544	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	34
PID 2688 wrote to memory of 316	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	35
PID 2688 wrote to memory of 316	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	35
PID 2688 wrote to memory of 316	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	35
PID 2688 wrote to memory of 316	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	35
PID 2516 wrote to memory of 584	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	36
PID 2516 wrote to memory of 584	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	36
PID 2516 wrote to memory of 584	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	36
PID 2516 wrote to memory of 584	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	36
PID 1604 wrote to memory of 1832	1604	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	37
PID 1604 wrote to memory of 1832	1604	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	37
PID 1604 wrote to memory of 1832	1604	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	37
PID 1604 wrote to memory of 1832	1604	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	37
PID 1544 wrote to memory of 1588	1544	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	38
PID 1544 wrote to memory of 1588	1544	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	38
PID 1544 wrote to memory of 1588	1544	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	38
PID 1544 wrote to memory of 1588	1544	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	38
PID 316 wrote to memory of 1620	316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	39
PID 316 wrote to memory of 1620	316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	39
PID 316 wrote to memory of 1620	316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	39
PID 316 wrote to memory of 1620	316	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	39
PID 1948 wrote to memory of 1248	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	40
PID 1948 wrote to memory of 1248	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	40
PID 1948 wrote to memory of 1248	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	40
PID 1948 wrote to memory of 1248	1948	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	40
PID 584 wrote to memory of 2660	584	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	41
PID 584 wrote to memory of 2660	584	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	41
PID 584 wrote to memory of 2660	584	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	41
PID 584 wrote to memory of 2660	584	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	41
PID 1776 wrote to memory of 2800	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	42
PID 1776 wrote to memory of 2800	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	42
PID 1776 wrote to memory of 2800	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	42
PID 1776 wrote to memory of 2800	1776	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	42
PID 2688 wrote to memory of 2588	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	43
PID 2688 wrote to memory of 2588	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	43
PID 2688 wrote to memory of 2588	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	43
PID 2688 wrote to memory of 2588	2688	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	43
PID 2516 wrote to memory of 1772	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	44
PID 2516 wrote to memory of 1772	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	44
PID 2516 wrote to memory of 1772	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	44
PID 2516 wrote to memory of 1772	2516	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	44
PID 1832 wrote to memory of 2304	1832	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	45
PID 1832 wrote to memory of 2304	1832	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	45
PID 1832 wrote to memory of 2304	1832	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	45
PID 1832 wrote to memory of 2304	1832	6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe	45

C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
"C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        10⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        10⤵
        
        PID:21124
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:24088
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:22368
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:22376
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:21212
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:23032
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:22360
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:21952
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:21180
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:22928
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:22624
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:20848
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24184
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:20864
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:22336
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:23080
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:23328
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19212
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19668
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:20756
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19812
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:26772
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19472
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:21204
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22352
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24200
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22768
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24280
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24360
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:21164
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:21056
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:22328
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19220
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:26812
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24080
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19748
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:26996
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:23064
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:21116
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19496
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24168
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:23096
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:21188
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:22736
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:18512
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:23976
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19824
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:26860
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:22608
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19732
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24528
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:21228
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24352
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24224
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19236
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:26616
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24136
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:23024
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22152
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:23464
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:13376
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23056
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:21108
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:22872
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:19260
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:27004
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:22976
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:19520
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24192
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19660
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24240
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:24256
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:23828
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19628
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24452
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:23288
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:20784
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22952
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:18668
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24368
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:18556
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:20880
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:21148
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:23900
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24160
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22600
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24032
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19724
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:23040
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19772
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:27012
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22616
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:21220
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:22992
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:23008
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22312
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:21140
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:20872
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:20896
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:23016
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19684
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22904
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24176
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22760
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22920
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23960
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24096
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19708
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24504
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24152
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24024
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24120
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:20776
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19716
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24052
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:24412
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24384
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:19244
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:26828
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:19784
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10328
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:7664
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:11968
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:1364
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        9⤵
        
        PID:22784
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:18488
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:24420
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:19756
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:23984
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:23536
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:22752
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19252
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:26892
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22800
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        8⤵
        
        PID:20856
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:18692
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:23968
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:20768
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:21968
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24216
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19740
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22344
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:23864
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:18548
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24376
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24072
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24016
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24000
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:26796
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:21172
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19676
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24064
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23156
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:19228
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24272
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22640
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:24104
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24144
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19700
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22888
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24232
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22792
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:26972
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:24304
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:21044
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22912
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24312
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:18496
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24008
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:19796
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:26788
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24112
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24288
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:18684
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23952
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23048
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:24344
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:8952
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:17600
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:24392
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:584
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:20840
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:21080
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        7⤵
        
        PID:21100
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22824
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:22728
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24460
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19652
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24436
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24248
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:18520
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24400
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19284
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:26820
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:19764
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:26540
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24264
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24128
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:21156
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24296
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:19460
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:24512
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19644
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24444
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23072
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:18536
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:24428
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:22720
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:9948
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:22320
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:19692
      - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        6⤵
        
        PID:24520
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:21092
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:22984
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:26804
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:24320
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:19276
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:26868
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:21132
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:24208
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:22744
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:22632
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:8116
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:11792
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:19488
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:24468
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:18464
    - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
        5⤵
        
        PID:23992
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23000
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:2856
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:23264
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:10100
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:22776
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  PID:3160
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
      "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
      4⤵
      PID:26988
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:7616
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:12968
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:23088
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:8544
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:13384
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:22960
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  PID:6728
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:14080
- - C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
    "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
    3⤵
    PID:22968
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  PID:10068
- C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe
  "C:\Users\Admin\AppData\Local\Temp\6464a5eaa0c8bc757ed0a2d2f1f8d900N.exe"
  2⤵
  PID:19480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\handjob porn [milf] vagina shower .mpeg.exe

Filesize
1.5MB

MD5
593b76a24ac4d3c7e9d76d597c022639

SHA1
edb936a8505947892c831d4edfe23c76ab326dd0

SHA256
16a04081d93f943d908b2876bc9810dfedf5b14a11043e39a4abd85f2ad7e022

SHA512
b5ace4124f786113a7fbd7c9f3e8d7a8be662d543371e208dabe01d3baa437cead9e1546d349069fee3d43062674c5140dda5b3513512f8f278ae678793d7984

Download Submit
C:\debug.txt

Filesize
183B

MD5
0fcdbf486f1f1f2481f859327e4c1818

SHA1
e042fcbe4ed364315af9805478d039e49377a298

SHA256
f05552c6100f8e879bfe4b41ce9a36739d58bd8c3f5e4bc415101b5f071104b0

SHA512
4997a5b9d57b24811084c5026444d899317d23be7cefa3bc3e922482ccfca554717c56034471fe26d83331c34320e1482593c93833904c234893061cad5729e9

Download Submit
memory/316-177-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/316-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/444-179-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/444-127-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/444-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/584-134-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/584-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/584-111-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/584-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/584-185-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/624-172-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/624-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/952-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/996-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1180-170-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/1180-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1224-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1240-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1248-104-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1248-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1248-173-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/1248-129-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/1296-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1296-136-0x0000000001EA0000-0x0000000001ECB000-memory.dmp

Filesize
172KB

Download
memory/1372-192-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1416-164-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/1416-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1524-158-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1524-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1528-160-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1544-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1588-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1588-128-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1588-105-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1604-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1604-133-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/1604-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1620-126-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/1620-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1620-180-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/1620-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1696-176-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1696-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-175-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/1776-137-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/1776-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1776-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1832-102-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/1832-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1832-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1832-165-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/1948-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2064-166-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2244-187-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2304-161-0x0000000004A00000-0x0000000004A2B000-memory.dmp

Filesize
172KB

Download
memory/2304-123-0x00000000049F0000-0x0000000004A1B000-memory.dmp

Filesize
172KB

Download
memory/2360-157-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2400-178-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2400-132-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2516-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2516-65-0x0000000004DB0000-0x0000000004DDB000-memory.dmp

Filesize
172KB

Download
memory/2516-119-0x0000000005110000-0x000000000513B000-memory.dmp

Filesize
172KB

Download
memory/2516-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2516-95-0x0000000004DC0000-0x0000000004DEB000-memory.dmp

Filesize
172KB

Download
memory/2516-139-0x00000000056B0000-0x00000000056DB000-memory.dmp

Filesize
172KB

Download
memory/2560-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2560-125-0x00000000045B0000-0x00000000045DB000-memory.dmp

Filesize
172KB

Download
memory/2660-135-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2688-183-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2688-66-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2688-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2688-174-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2688-131-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2688-89-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/2744-168-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2748-171-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2828-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2904-142-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2904-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2940-138-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2940-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3120-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3160-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3276-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3288-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3308-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3376-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3432-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3448-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3604-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3676-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3688-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3808-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3856-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download