ee218af0b512af8a58cdb0cad0e27a7b92c6b3d664a92b31c676c0ead6d8a05c

Analysis

max time kernel
26s
max time network
112s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6964bed45b2863e836b42d3e3f6c2e80N.exe
Size

1.4MB
MD5

6964bed45b2863e836b42d3e3f6c2e80
SHA1

5ffd1ca8b16784387178cc0d0cc6b701b903c8c1
SHA256

ee218af0b512af8a58cdb0cad0e27a7b92c6b3d664a92b31c676c0ead6d8a05c
SHA512

e9bd6309a0feef5d5d67f81048ef982ca143ecc9d9a40cf5b5fc0d00c480c00617f7cf5d91cb3256b0152d5a2fb09f0403d84f6ce7d5725e0a71ed9b0e11faf6
SSDEEP

24576:oWrDY0+95rOEOUsfh+fVYtmtu9qZeACLnHUItRVGYzFf/M+DjSN:VvjEOUsfh+dYzqZUnHUuRVJzZM+DjSN

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6964bed45b2863e836b42d3e3f6c2e80N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\I:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\J:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\L:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\U:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\W:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\Z:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\X:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\A:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\E:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\K:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\Q:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\S:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\T:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\V:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\B:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\N:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\O:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\G:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\M:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\P:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\R:	6964bed45b2863e836b42d3e3f6c2e80N.exe
File opened (read-only)	\??\Y:	6964bed45b2863e836b42d3e3f6c2e80N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\danish kicking sperm hidden (Janette).rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beastiality fucking several models cock .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\IME\shared\lingerie public .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian cum hardcore several models cock upskirt .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian cumshot gay [bangbus] mature (Christine,Janette).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay big hole hotel .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish nude blowjob licking glans ejaculation (Jade).mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm [free] cock .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese fetish lingerie licking young .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SysWOW64\IME\shared\black horse trambling uncut titts .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\horse [bangbus] circumcision .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\danish animal blowjob big (Curtney).avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lesbian licking (Melissa).rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish gang bang lesbian [free] .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese animal trambling voyeur hole bondage .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish fetish trambling hot (!) glans .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian gang bang lesbian girls cock .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Google\Temp\italian handjob lingerie hidden ìï .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish cumshot lesbian [milf] stockings .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lesbian licking hole (Sandy,Sarah).rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay full movie hole wifey (Tatjana).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files\Windows Journal\Templates\russian handjob gay [free] hairy (Kathrin,Liz).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie hidden femdom .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian porn lesbian girls swallow .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish porn lesbian masturbation granny .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\spanish gay licking titts pregnant .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\italian gang bang bukkake girls glans shower (Sylvia).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\cum bukkake sleeping sweet .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\horse sperm girls hole lady .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\japanese cum blowjob catfight sweet .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\asian fucking hot (!) .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\british hardcore [free] 40+ .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\horse voyeur hole ìï .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian cumshot beast lesbian titts .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gay public latex .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\spanish fucking public .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\bukkake public traffic .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\temp\lingerie catfight femdom .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\fetish gay public titts wifey .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\hardcore girls titts stockings .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\danish cumshot xxx public hole .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\mssrv.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\tmp\fucking sleeping (Curtney).avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\black fetish trambling girls sweet .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\american kicking sperm sleeping cock castration (Janette).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake big hairy (Britney,Karin).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\american cumshot beast girls .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\french lingerie [bangbus] cock latex (Tatjana).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\PLA\Templates\italian handjob lesbian lesbian latex .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\gang bang sperm masturbation .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\swedish animal xxx masturbation titts swallow (Sylvia).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\hardcore public titts leather .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\spanish hardcore masturbation .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\african blowjob [free] .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\Downloaded Program Files\black beastiality horse [milf] .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\horse xxx hot (!) .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\canadian hardcore full movie cock fishy (Janette).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\british lingerie several models titts ash .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\spanish xxx several models balls .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\german xxx full movie (Sylvia).rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\action sperm girls 40+ .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\spanish fucking uncut (Jade).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beastiality lingerie [free] glans .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\brasilian horse beast lesbian girly .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\blowjob [free] (Sarah).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\beastiality gay sleeping glans .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob several models (Sylvia).avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\chinese lesbian [free] (Tatjana).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\handjob fucking public glans high heels (Liz).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\beastiality gay girls sm .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\danish gang bang hardcore full movie shower (Sonja,Samantha).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\handjob hardcore hot (!) glans ash .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\black kicking lingerie uncut girly .zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\african lesbian [bangbus] cock 50+ .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\InstallTemp\cumshot fucking [free] 50+ (Sonja,Sarah).zip.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\tyrkish cumshot hardcore licking .mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\swedish horse trambling [bangbus] wifey (Christine,Liz).avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\american animal lingerie sleeping cock fishy (Sylvia).rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian kicking xxx lesbian (Tatjana).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\SoftwareDistribution\Download\danish action lesbian catfight cock black hairunshaved .avi.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\american nude bukkake girls young .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\action gay [free] titts .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\blowjob uncut (Liz).mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\japanese gang bang fucking [free] .mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\brasilian porn trambling several models (Sylvia).mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob [free] (Janette).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\german lingerie licking .rar.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\animal xxx big feet 50+ (Samantha).mpeg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\french sperm licking titts 40+ (Curtney).mpg.exe	6964bed45b2863e836b42d3e3f6c2e80N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2128	6964bed45b2863e836b42d3e3f6c2e80N.exe
1728	6964bed45b2863e836b42d3e3f6c2e80N.exe
2128	6964bed45b2863e836b42d3e3f6c2e80N.exe
1212	6964bed45b2863e836b42d3e3f6c2e80N.exe
2152	6964bed45b2863e836b42d3e3f6c2e80N.exe
1728	6964bed45b2863e836b42d3e3f6c2e80N.exe
2128	6964bed45b2863e836b42d3e3f6c2e80N.exe
2916	6964bed45b2863e836b42d3e3f6c2e80N.exe
1212	6964bed45b2863e836b42d3e3f6c2e80N.exe
2936	6964bed45b2863e836b42d3e3f6c2e80N.exe
2928	6964bed45b2863e836b42d3e3f6c2e80N.exe
2876	6964bed45b2863e836b42d3e3f6c2e80N.exe
1728	6964bed45b2863e836b42d3e3f6c2e80N.exe
2152	6964bed45b2863e836b42d3e3f6c2e80N.exe
2128	6964bed45b2863e836b42d3e3f6c2e80N.exe
444	6964bed45b2863e836b42d3e3f6c2e80N.exe
1976	6964bed45b2863e836b42d3e3f6c2e80N.exe
2916	6964bed45b2863e836b42d3e3f6c2e80N.exe
1212	6964bed45b2863e836b42d3e3f6c2e80N.exe
1424	6964bed45b2863e836b42d3e3f6c2e80N.exe
2772	6964bed45b2863e836b42d3e3f6c2e80N.exe
1608	6964bed45b2863e836b42d3e3f6c2e80N.exe
524	6964bed45b2863e836b42d3e3f6c2e80N.exe
2936	6964bed45b2863e836b42d3e3f6c2e80N.exe
2928	6964bed45b2863e836b42d3e3f6c2e80N.exe
1728	6964bed45b2863e836b42d3e3f6c2e80N.exe
2876	6964bed45b2863e836b42d3e3f6c2e80N.exe
2340	6964bed45b2863e836b42d3e3f6c2e80N.exe
2108	6964bed45b2863e836b42d3e3f6c2e80N.exe
2128	6964bed45b2863e836b42d3e3f6c2e80N.exe
2152	6964bed45b2863e836b42d3e3f6c2e80N.exe
3036	6964bed45b2863e836b42d3e3f6c2e80N.exe
1684	6964bed45b2863e836b42d3e3f6c2e80N.exe
1152	6964bed45b2863e836b42d3e3f6c2e80N.exe
444	6964bed45b2863e836b42d3e3f6c2e80N.exe
2916	6964bed45b2863e836b42d3e3f6c2e80N.exe
1628	6964bed45b2863e836b42d3e3f6c2e80N.exe
1976	6964bed45b2863e836b42d3e3f6c2e80N.exe
1212	6964bed45b2863e836b42d3e3f6c2e80N.exe
1644	6964bed45b2863e836b42d3e3f6c2e80N.exe
844	6964bed45b2863e836b42d3e3f6c2e80N.exe
1428	6964bed45b2863e836b42d3e3f6c2e80N.exe
2928	6964bed45b2863e836b42d3e3f6c2e80N.exe
2060	6964bed45b2863e836b42d3e3f6c2e80N.exe
1980	6964bed45b2863e836b42d3e3f6c2e80N.exe
2936	6964bed45b2863e836b42d3e3f6c2e80N.exe
3060	6964bed45b2863e836b42d3e3f6c2e80N.exe
1728	6964bed45b2863e836b42d3e3f6c2e80N.exe
1424	6964bed45b2863e836b42d3e3f6c2e80N.exe
1964	6964bed45b2863e836b42d3e3f6c2e80N.exe
2772	6964bed45b2863e836b42d3e3f6c2e80N.exe
2876	6964bed45b2863e836b42d3e3f6c2e80N.exe
2876	6964bed45b2863e836b42d3e3f6c2e80N.exe
2284	6964bed45b2863e836b42d3e3f6c2e80N.exe
2284	6964bed45b2863e836b42d3e3f6c2e80N.exe
1608	6964bed45b2863e836b42d3e3f6c2e80N.exe
1608	6964bed45b2863e836b42d3e3f6c2e80N.exe
524	6964bed45b2863e836b42d3e3f6c2e80N.exe
524	6964bed45b2863e836b42d3e3f6c2e80N.exe
2128	6964bed45b2863e836b42d3e3f6c2e80N.exe
2128	6964bed45b2863e836b42d3e3f6c2e80N.exe
1716	6964bed45b2863e836b42d3e3f6c2e80N.exe
1716	6964bed45b2863e836b42d3e3f6c2e80N.exe
2152	6964bed45b2863e836b42d3e3f6c2e80N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1728	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	30
PID 2128 wrote to memory of 1728	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	30
PID 2128 wrote to memory of 1728	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	30
PID 2128 wrote to memory of 1728	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	30
PID 1728 wrote to memory of 1212	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	31
PID 1728 wrote to memory of 1212	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	31
PID 1728 wrote to memory of 1212	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	31
PID 1728 wrote to memory of 1212	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	31
PID 2128 wrote to memory of 2152	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	32
PID 2128 wrote to memory of 2152	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	32
PID 2128 wrote to memory of 2152	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	32
PID 2128 wrote to memory of 2152	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	32
PID 1212 wrote to memory of 2916	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	33
PID 1212 wrote to memory of 2916	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	33
PID 1212 wrote to memory of 2916	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	33
PID 1212 wrote to memory of 2916	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	33
PID 1728 wrote to memory of 2876	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	34
PID 1728 wrote to memory of 2876	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	34
PID 1728 wrote to memory of 2876	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	34
PID 1728 wrote to memory of 2876	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	34
PID 2128 wrote to memory of 2928	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	35
PID 2128 wrote to memory of 2928	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	35
PID 2128 wrote to memory of 2928	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	35
PID 2128 wrote to memory of 2928	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	35
PID 2152 wrote to memory of 2936	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	36
PID 2152 wrote to memory of 2936	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	36
PID 2152 wrote to memory of 2936	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	36
PID 2152 wrote to memory of 2936	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	36
PID 2916 wrote to memory of 444	2916	6964bed45b2863e836b42d3e3f6c2e80N.exe	37
PID 2916 wrote to memory of 444	2916	6964bed45b2863e836b42d3e3f6c2e80N.exe	37
PID 2916 wrote to memory of 444	2916	6964bed45b2863e836b42d3e3f6c2e80N.exe	37
PID 2916 wrote to memory of 444	2916	6964bed45b2863e836b42d3e3f6c2e80N.exe	37
PID 1212 wrote to memory of 1976	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	38
PID 1212 wrote to memory of 1976	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	38
PID 1212 wrote to memory of 1976	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	38
PID 1212 wrote to memory of 1976	1212	6964bed45b2863e836b42d3e3f6c2e80N.exe	38
PID 2936 wrote to memory of 1424	2936	6964bed45b2863e836b42d3e3f6c2e80N.exe	39
PID 2936 wrote to memory of 1424	2936	6964bed45b2863e836b42d3e3f6c2e80N.exe	39
PID 2936 wrote to memory of 1424	2936	6964bed45b2863e836b42d3e3f6c2e80N.exe	39
PID 2936 wrote to memory of 1424	2936	6964bed45b2863e836b42d3e3f6c2e80N.exe	39
PID 2876 wrote to memory of 1608	2876	6964bed45b2863e836b42d3e3f6c2e80N.exe	40
PID 2876 wrote to memory of 1608	2876	6964bed45b2863e836b42d3e3f6c2e80N.exe	40
PID 2876 wrote to memory of 1608	2876	6964bed45b2863e836b42d3e3f6c2e80N.exe	40
PID 2876 wrote to memory of 1608	2876	6964bed45b2863e836b42d3e3f6c2e80N.exe	40
PID 1728 wrote to memory of 2772	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	41
PID 1728 wrote to memory of 2772	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	41
PID 1728 wrote to memory of 2772	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	41
PID 1728 wrote to memory of 2772	1728	6964bed45b2863e836b42d3e3f6c2e80N.exe	41
PID 2928 wrote to memory of 524	2928	6964bed45b2863e836b42d3e3f6c2e80N.exe	42
PID 2928 wrote to memory of 524	2928	6964bed45b2863e836b42d3e3f6c2e80N.exe	42
PID 2928 wrote to memory of 524	2928	6964bed45b2863e836b42d3e3f6c2e80N.exe	42
PID 2928 wrote to memory of 524	2928	6964bed45b2863e836b42d3e3f6c2e80N.exe	42
PID 2152 wrote to memory of 2340	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	43
PID 2152 wrote to memory of 2340	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	43
PID 2152 wrote to memory of 2340	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	43
PID 2152 wrote to memory of 2340	2152	6964bed45b2863e836b42d3e3f6c2e80N.exe	43
PID 2128 wrote to memory of 2108	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	44
PID 2128 wrote to memory of 2108	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	44
PID 2128 wrote to memory of 2108	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	44
PID 2128 wrote to memory of 2108	2128	6964bed45b2863e836b42d3e3f6c2e80N.exe	44
PID 444 wrote to memory of 3036	444	6964bed45b2863e836b42d3e3f6c2e80N.exe	45
PID 444 wrote to memory of 3036	444	6964bed45b2863e836b42d3e3f6c2e80N.exe	45
PID 444 wrote to memory of 3036	444	6964bed45b2863e836b42d3e3f6c2e80N.exe	45
PID 444 wrote to memory of 3036	444	6964bed45b2863e836b42d3e3f6c2e80N.exe	45

C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
"C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        10⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:20792
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:19524
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:22028
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:19648
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20424
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20336
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20576
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:21644
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:20296
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20216
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20452
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20084
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20376
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20016
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:20240
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:19808
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21400
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20800
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:19776
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:21600
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20032
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:19928
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20008
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20280
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:21516
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20808
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21532
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20360
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20856
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21392
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:22020
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20352
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20200
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:21652
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20136
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        9⤵
        
        PID:20496
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:19992
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21636
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:21724
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21064
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20256
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20176
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20120
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19800
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19572
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19904
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19720
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20864
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:22044
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20232
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19624
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:18696
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21364
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21416
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19240
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20840
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19516
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21080
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20392
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21864
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21480
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21300
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21564
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20344
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21508
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19632
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19676
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20552
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20408
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19496
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21556
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19532
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21464
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21692
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20312
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21144
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21372
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21072
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21876
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19248
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20272
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19704
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21424
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:20056
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19468
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20400
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19864
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21336
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20520
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21548
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19872
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21024
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19592
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20444
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19840
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20416
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20880
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19968
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19608
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19264
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21700
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20436
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21472
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20192
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19768
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21384
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19404
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19552
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:20168
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:20208
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:7884
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:11088
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:19888
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20320
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19984
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20000
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21456
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19656
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        8⤵
        
        PID:20160
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19880
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21904
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20024
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19792
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21580
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21668
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20108
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21348
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19440
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19760
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19640
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19944
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21608
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20384
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19688
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19936
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21152
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21732
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21356
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:17900
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19752
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19832
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19544
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20816
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21684
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21308
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21628
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19896
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19352
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21088
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20560
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:616
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19816
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:20872
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19600
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19508
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21496
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19256
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19960
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21540
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:20592
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:20488
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:21488
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19272
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19856
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19912
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21004
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19736
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21048
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20048
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19712
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21268
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19560
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:19616
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21524
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21912
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19232
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20568
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20184
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19952
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21448
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20224
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20064
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:20368
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:20152
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21040
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:7976
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:12292
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:21316
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        7⤵
        
        PID:20040
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:19976
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        6⤵
        
        PID:21164
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21104
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19824
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20248
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:21592
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:20304
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19696
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19424
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19728
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21620
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19920
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:11152
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:20288
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  PID:236
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:19744
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21056
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21716
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:10888
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:19664
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  PID:2028
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
        5⤵
        
        PID:19280
  - - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
      "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
      4⤵
      PID:21096
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:6268
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:11596
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:20328
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  PID:3632
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:7256
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:12588
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:4732
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  PID:5932
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:11436
- - C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
    "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
    3⤵
    PID:19784
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  PID:9908
- C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe
  "C:\Users\Admin\AppData\Local\Temp\6964bed45b2863e836b42d3e3f6c2e80N.exe"
  2⤵
  PID:20264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\danish gang bang lesbian [free] .rar.exe

Filesize
1.4MB

MD5
daef7f19aa5a563561d1550c880a3b82

SHA1
4dd9cc59634374cee6c2c50178fb447058514e3e

SHA256
2b05d411fa1952b85438d5cfcb7aa0abc8ad724db24618dba6352d3ecc75ac67

SHA512
70f276bc4f5951825c0532eab835980cf2dea3c4762d7f633e3161011f50b62c6c82c2e03bbaaee895ab695e90a64e4637ce13f286248fedff12381a5271260e

Download Submit
C:\debug.txt

Filesize
183B

MD5
b6202390417962ac0bddbce922a91f42

SHA1
6424643fdf338f728a2e763ba175a7301ac7ca98

SHA256
a2a5ce54db0574615da13b753e95b89f9a1f67afb9e71a6e5f8a28d048f8374d

SHA512
b94e159b4023b9eefb6774beabab9f28a67f0ef22bfaea0abaa55d6b8cf5223df5bbcef44f33ff2980762b97961ac97d45802e75a1988e59193a6f29aa0705e2

Download Submit
memory/236-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/236-161-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/444-164-0x0000000004D10000-0x0000000004D3B000-memory.dmp

Filesize
172KB

Download
memory/444-109-0x0000000004D10000-0x0000000004D3B000-memory.dmp

Filesize
172KB

Download
memory/444-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/524-120-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/524-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/524-148-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/572-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/572-179-0x00000000047C0000-0x00000000047EB000-memory.dmp

Filesize
172KB

Download
memory/844-144-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/844-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1152-133-0x0000000001F00000-0x0000000001F2B000-memory.dmp

Filesize
172KB

Download
memory/1152-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1212-177-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/1212-137-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/1212-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1212-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1212-180-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1212-174-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1212-95-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1384-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1384-159-0x0000000004BA0000-0x0000000004BCB000-memory.dmp

Filesize
172KB

Download
memory/1424-141-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/1424-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1424-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1428-146-0x0000000000540000-0x000000000056B000-memory.dmp

Filesize
172KB

Download
memory/1428-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1608-147-0x0000000004630000-0x000000000465B000-memory.dmp

Filesize
172KB

Download
memory/1608-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1608-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1628-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1628-140-0x0000000004BD0000-0x0000000004BFB000-memory.dmp

Filesize
172KB

Download
memory/1644-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1644-142-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/1684-130-0x0000000004E60000-0x0000000004E8B000-memory.dmp

Filesize
172KB

Download
memory/1684-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1684-163-0x00000000050E0000-0x000000000510B000-memory.dmp

Filesize
172KB

Download
memory/1716-158-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1716-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1728-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1728-170-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1728-97-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1728-91-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1728-139-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1728-68-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1736-160-0x0000000002020000-0x000000000204B000-memory.dmp

Filesize
172KB

Download
memory/1736-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1964-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1964-156-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/1976-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1976-136-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/1980-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1980-153-0x0000000004470000-0x000000000449B000-memory.dmp

Filesize
172KB

Download
memory/2060-152-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/2060-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2108-155-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2108-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2128-93-0x00000000069B0000-0x00000000069DB000-memory.dmp

Filesize
172KB

Download
memory/2128-149-0x00000000069B0000-0x00000000069DB000-memory.dmp

Filesize
172KB

Download
memory/2128-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2128-166-0x00000000050E0000-0x000000000510B000-memory.dmp

Filesize
172KB

Download
memory/2128-171-0x00000000069B0000-0x00000000069DB000-memory.dmp

Filesize
172KB

Download
memory/2128-98-0x00000000069B0000-0x00000000069DB000-memory.dmp

Filesize
172KB

Download
memory/2128-67-0x00000000050E0000-0x000000000510B000-memory.dmp

Filesize
172KB

Download
memory/2128-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2152-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2152-150-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/2152-123-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/2152-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2284-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2284-157-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2340-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2340-151-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2408-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2684-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-143-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2876-145-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2876-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2916-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2916-132-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2916-167-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/2916-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2936-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2936-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2936-138-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/3012-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3036-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3036-128-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/3036-162-0x0000000004940000-0x000000000496B000-memory.dmp

Filesize
172KB

Download
memory/3060-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3060-154-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download