darkcomet | 5e95ac29974541f3cf409d7ca483033c991e644b04f8d2dba7c2e08941511a22

Analysis

max time kernel
2s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2025, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.1MB
MD5

b0c07068e6f3b2bb0959a636d4bc8481
SHA1

79c420e2a5534ddbc37f5b8cd32a908bc01a293f
SHA256

b45efe2ba0a53a59524fd3c8ea6011ee8cf824e22d9e86526ed14c8887915820
SHA512

782db1f74f54f73be28a49bdcc98a89e231a07e0d06f6b35f80154d9e918e033f15856b9b39b6d501d88207771e4f3d15f7516961526d6663487d73916e5452f
SSDEEP

12288:Z4T4b4tcW7KEZlPzCy37tLV6Btpmkkx6g2UcW7KEZlPzCy37tLV6Btpmkkx6g2:Zm+KKiRzC0lApfkxIgKiRzC0lApfkxI

Score

10^/10

darkcomet nanocore guest16 defense_evasion discovery keylogger persistence rat spyware stealer trojan upx

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

jvjv2044duck33.duckdns.org:54984

Mutex

2fda0c27-65af-4514-b648-0066e7bbf615

Attributes

activate_away_mode
true
backup_connection_host
jvjv2044duck33.duckdns.org
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2025-01-27T20:01:11.197098036Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
54984
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
2fda0c27-65af-4514-b648-0066e7bbf615
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
jvjv2044duck33.duckdns.org
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Extracted

Family

darkcomet

Botnet

Guest16

jvjv2044duck33.duckdns.org:1604

Mutex

DC_MUTEX-3VMZ2C8

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
ttgTbZWj82S9
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	VLC MEDIA PLAYER.EXE

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore
Disables Task Manager via registry modification
defense_evasion

Sets file to hidden 1 TTPs 2 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5580	attrib.exe
3440	attrib.exe

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	MSEDGE.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	MSEDGE.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	MSEDGE.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	file.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	MSEDGE.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	VLC MEDIA PLAYER.EXE

Executes dropped EXE 17 IoCs

pid	Process
5516	MSEDGE.EXE
3428	VLC MEDIA PLAYER.EXE
1088	WINDOWS SECURITY NANO.EXE
1488	MSEDGE.EXE
5212	VLC MEDIA PLAYER.EXE
5972	WINDOWS SECURITY NANO.EXE
4468	MSEDGE.EXE
4976	VLC MEDIA PLAYER.EXE
432	WINDOWS SECURITY NANO.EXE
4728	MSEDGE.EXE
4756	VLC MEDIA PLAYER.EXE
4748	msdcsc.exe
2352	WINDOWS SECURITY NANO.EXE
4536	msdcsc.exe
5536	MSEDGE.EXE
4552	msdcsc.exe
3632	VLC MEDIA PLAYER.EXE

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	VLC MEDIA PLAYER.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	VLC MEDIA PLAYER.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DSL Subsystem = "C:\\Program Files (x86)\\DSL Subsystem\\dslss.exe"	WINDOWS SECURITY NANO.EXE

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WINDOWS SECURITY NANO.EXE

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000242fe-19.dat	upx
behavioral1/memory/3428-25-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5212-34-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4976-44-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4976-48-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4756-55-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4748-57-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4756-52-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4552-63-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3632-68-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3428-67-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3632-71-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4552-66-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4536-60-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2704-77-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2704-80-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5644-88-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5664-95-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/6116-101-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5512-110-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4708-112-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/6116-108-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5664-100-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/1732-98-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5512-115-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5212-91-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5284-119-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/60-122-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/60-125-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5400-130-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3452-133-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3452-136-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5044-139-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4920-142-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4544-143-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4920-145-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4544-147-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/1096-149-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5060-151-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4604-153-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2448-154-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/1728-156-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/1352-158-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5024-160-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2704-162-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3968-164-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2944-167-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2548-169-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3620-171-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2928-173-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3628-174-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3628-176-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3344-177-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3344-179-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5276-180-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/5276-182-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/544-183-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4832-184-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/544-188-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/4832-186-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3428-189-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/3428-191-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2696-193-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2696-195-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DSL Subsystem\dslss.exe	WINDOWS SECURITY NANO.EXE
File opened for modification	C:\Program Files (x86)\DSL Subsystem\dslss.exe	WINDOWS SECURITY NANO.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINDOWS SECURITY NANO.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VLC MEDIA PLAYER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINDOWS SECURITY NANO.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINDOWS SECURITY NANO.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSEDGE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSEDGE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSEDGE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSEDGE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VLC MEDIA PLAYER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINDOWS SECURITY NANO.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VLC MEDIA PLAYER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VLC MEDIA PLAYER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSEDGE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VLC MEDIA PLAYER.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	VLC MEDIA PLAYER.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1088	WINDOWS SECURITY NANO.EXE
1088	WINDOWS SECURITY NANO.EXE
1088	WINDOWS SECURITY NANO.EXE
1088	WINDOWS SECURITY NANO.EXE
1088	WINDOWS SECURITY NANO.EXE
1088	WINDOWS SECURITY NANO.EXE
1088	WINDOWS SECURITY NANO.EXE
1088	WINDOWS SECURITY NANO.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeSecurityPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeTakeOwnershipPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeLoadDriverPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeSystemProfilePrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeSystemtimePrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeProfSingleProcessPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeIncBasePriorityPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeCreatePagefilePrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeBackupPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeRestorePrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeShutdownPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeDebugPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeSystemEnvironmentPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeChangeNotifyPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeRemoteShutdownPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeUndockPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeManageVolumePrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeImpersonatePrivilege	3428	VLC MEDIA PLAYER.EXE
Token: SeCreateGlobalPrivilege	3428	VLC MEDIA PLAYER.EXE
Token: 33	3428	VLC MEDIA PLAYER.EXE
Token: 34	3428	VLC MEDIA PLAYER.EXE
Token: 35	3428	VLC MEDIA PLAYER.EXE
Token: 36	3428	VLC MEDIA PLAYER.EXE
Token: SeIncreaseQuotaPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeSecurityPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeTakeOwnershipPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeLoadDriverPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeSystemProfilePrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeSystemtimePrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeProfSingleProcessPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeIncBasePriorityPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeCreatePagefilePrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeBackupPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeRestorePrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeShutdownPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeDebugPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeSystemEnvironmentPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeChangeNotifyPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeRemoteShutdownPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeUndockPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeManageVolumePrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeImpersonatePrivilege	5212	VLC MEDIA PLAYER.EXE
Token: SeCreateGlobalPrivilege	5212	VLC MEDIA PLAYER.EXE
Token: 33	5212	VLC MEDIA PLAYER.EXE
Token: 34	5212	VLC MEDIA PLAYER.EXE
Token: 35	5212	VLC MEDIA PLAYER.EXE
Token: 36	5212	VLC MEDIA PLAYER.EXE
Token: SeIncreaseQuotaPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeSecurityPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeTakeOwnershipPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeLoadDriverPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeSystemProfilePrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeSystemtimePrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeProfSingleProcessPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeIncBasePriorityPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeCreatePagefilePrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeBackupPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeRestorePrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeShutdownPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeDebugPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeSystemEnvironmentPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeChangeNotifyPrivilege	4976	VLC MEDIA PLAYER.EXE
Token: SeRemoteShutdownPrivilege	4976	VLC MEDIA PLAYER.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5212	VLC MEDIA PLAYER.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 5516	1080	file.exe	88
PID 1080 wrote to memory of 5516	1080	file.exe	88
PID 1080 wrote to memory of 5516	1080	file.exe	88
PID 1080 wrote to memory of 3428	1080	file.exe	89
PID 1080 wrote to memory of 3428	1080	file.exe	89
PID 1080 wrote to memory of 3428	1080	file.exe	89
PID 1080 wrote to memory of 1088	1080	file.exe	90
PID 1080 wrote to memory of 1088	1080	file.exe	90
PID 1080 wrote to memory of 1088	1080	file.exe	90
PID 5516 wrote to memory of 1488	5516	MSEDGE.EXE	91
PID 5516 wrote to memory of 1488	5516	MSEDGE.EXE	91
PID 5516 wrote to memory of 1488	5516	MSEDGE.EXE	91
PID 5516 wrote to memory of 5212	5516	MSEDGE.EXE	92
PID 5516 wrote to memory of 5212	5516	MSEDGE.EXE	92
PID 5516 wrote to memory of 5212	5516	MSEDGE.EXE	92
PID 5516 wrote to memory of 5972	5516	MSEDGE.EXE	281
PID 5516 wrote to memory of 5972	5516	MSEDGE.EXE	281
PID 5516 wrote to memory of 5972	5516	MSEDGE.EXE	281
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 5212 wrote to memory of 1772	5212	VLC MEDIA PLAYER.EXE	96
PID 3428 wrote to memory of 3180	3428	VLC MEDIA PLAYER.EXE	99
PID 3428 wrote to memory of 3180	3428	VLC MEDIA PLAYER.EXE	99
PID 3428 wrote to memory of 3180	3428	VLC MEDIA PLAYER.EXE	99
PID 3428 wrote to memory of 4884	3428	VLC MEDIA PLAYER.EXE	100
PID 3428 wrote to memory of 4884	3428	VLC MEDIA PLAYER.EXE	100
PID 3428 wrote to memory of 4884	3428	VLC MEDIA PLAYER.EXE	100
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 3428 wrote to memory of 4484	3428	VLC MEDIA PLAYER.EXE	101
PID 1488 wrote to memory of 4468	1488	MSEDGE.EXE	104

Views/modifies file attributes 1 TTPs 2 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5580	attrib.exe
3440	attrib.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
  "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5516
- - C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
    "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
      "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        12⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        14⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        15⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        16⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        17⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        18⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        19⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        20⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        21⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        22⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        23⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        24⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        25⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        26⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        27⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        28⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        29⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        30⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        31⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        32⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        33⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        34⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        35⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        36⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        37⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        38⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        39⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        40⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        41⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        42⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        43⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        44⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        45⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        46⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        47⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        48⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        49⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        50⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        51⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        52⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        53⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        54⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        55⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        56⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        57⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        58⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        59⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        60⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        61⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        62⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        63⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        64⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        65⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        66⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        67⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        68⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        69⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        70⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        71⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        72⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        73⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        74⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        75⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        76⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        77⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        78⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        79⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        80⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        81⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        82⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        83⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        84⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        85⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        86⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        87⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        88⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        89⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        90⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        91⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        92⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        93⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        94⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        95⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        96⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        97⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        98⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        99⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        100⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        101⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        102⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        103⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        104⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        105⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        106⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        107⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        108⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        109⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        110⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        111⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        112⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        113⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        114⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        115⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        116⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        117⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        118⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        119⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        120⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        121⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        122⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        123⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        124⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        125⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        126⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        127⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        128⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        129⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        130⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        131⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        132⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        133⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        134⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        135⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        136⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        137⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        138⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        139⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        140⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        141⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        142⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        143⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        144⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        145⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        146⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        147⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        148⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        149⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        150⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        151⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        152⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        153⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        154⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        155⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        156⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        157⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        158⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        159⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        160⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        161⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        162⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        163⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        164⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        165⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        166⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        167⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        168⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        169⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        170⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        171⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        172⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        173⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        174⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        175⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        176⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        177⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        178⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        179⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        180⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        181⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        182⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        183⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        184⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        185⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        186⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        187⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        188⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        189⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        190⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        191⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        192⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        193⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        194⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        195⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        196⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        197⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        198⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        199⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        200⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        201⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        202⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        203⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        204⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        205⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        206⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        207⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        208⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        209⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        210⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        211⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        212⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        213⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        214⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        215⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        216⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        217⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        218⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        219⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        220⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        221⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        222⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        223⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        224⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        225⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        226⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        227⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        228⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        229⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        230⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        231⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        232⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        233⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        234⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        235⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        236⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        237⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        238⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        239⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        240⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        241⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        242⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        243⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        244⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        245⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        246⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        247⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        248⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        249⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        250⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        251⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        252⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        253⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        254⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        255⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        256⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        257⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        258⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        259⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        260⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        261⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        262⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        263⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        264⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        265⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE"
        266⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        264⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        264⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        263⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        263⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        262⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        262⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        261⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        261⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        260⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        260⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        259⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        259⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        258⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        258⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        257⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        257⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        256⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        256⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        255⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        255⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        254⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        254⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        253⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        253⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        252⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        252⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        251⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        251⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        250⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        250⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        249⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        249⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        248⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        248⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        247⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        247⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        246⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        246⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        245⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        245⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        244⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        244⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        243⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        243⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        242⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        242⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        241⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        241⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        240⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        240⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        239⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        239⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        238⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        238⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        237⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        237⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        236⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        236⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        235⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        235⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        234⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        234⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        233⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        233⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        232⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        232⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        231⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        231⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        230⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        230⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        229⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        229⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        228⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        228⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        227⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        227⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        226⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        226⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        225⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        225⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        224⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        224⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        223⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        223⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        222⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        222⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        221⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        221⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        220⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        220⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        219⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        219⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        218⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        218⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        217⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        217⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        216⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        216⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        215⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        215⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        214⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        214⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        213⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        213⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        212⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        212⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        211⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        211⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        210⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        210⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        209⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        209⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        208⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        208⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        207⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        207⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        206⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        206⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        205⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        205⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        204⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        204⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        203⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        203⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        202⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        202⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        201⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        201⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        200⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        200⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        199⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        199⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        198⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        198⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        197⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        197⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        196⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        196⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        195⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        195⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        194⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        194⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        193⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        193⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        192⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        192⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        191⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        191⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        190⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        190⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        189⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        189⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        188⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        188⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        187⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        187⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        186⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        186⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        185⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        185⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        184⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        184⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        183⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        183⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        182⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        182⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        181⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        181⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        180⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        180⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        179⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        179⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        178⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        178⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        177⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        177⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        176⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        176⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        175⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        175⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        174⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        174⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        173⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        173⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        172⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        172⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        171⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        171⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        170⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        170⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        169⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        169⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        168⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        168⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        167⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        167⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        166⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        166⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        165⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        165⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        164⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        164⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        163⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        163⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        162⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        162⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        161⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        161⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        160⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        160⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        159⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        159⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        158⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        158⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        157⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        157⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        156⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        156⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        155⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        155⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        154⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        154⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        153⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        153⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        152⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        152⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        151⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        151⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        150⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        150⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        149⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        149⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        148⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        148⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        147⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        147⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        146⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        146⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        145⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        145⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        144⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        144⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        143⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        143⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        142⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        142⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        141⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        141⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        140⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        140⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        139⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        139⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        138⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        138⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        137⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        137⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        136⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        136⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        135⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        135⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        134⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        134⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        133⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        133⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        132⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        132⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        131⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        131⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        130⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        130⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        129⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        129⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        128⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        128⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        127⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        127⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        126⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        126⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        125⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        125⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        124⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        124⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        123⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        123⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        122⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        122⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        121⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        121⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        120⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        120⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        119⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        119⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        118⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        118⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        117⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        117⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        116⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        116⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        115⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        115⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        114⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        114⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        113⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        113⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        112⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        112⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        111⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        111⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        110⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        110⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        109⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        109⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        108⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        108⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        107⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        107⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        106⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        106⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        105⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        105⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        104⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        104⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        103⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        103⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        102⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        102⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        101⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        101⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        100⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        100⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        99⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        99⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        98⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        98⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        97⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        97⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        96⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        96⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        95⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        95⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        94⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        94⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        93⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        93⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        92⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        92⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        91⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        91⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        90⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        90⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        89⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        89⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        88⤵
        
        PID:32
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        88⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        87⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        87⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        86⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        86⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        85⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        85⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        84⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        84⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        83⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        83⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        82⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        82⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        81⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        81⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        80⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        80⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        79⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        79⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        78⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        78⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        77⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        77⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        76⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        76⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        75⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        75⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        74⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        74⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        73⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        73⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        72⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        72⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        71⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        71⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        70⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        70⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        69⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        69⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        68⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        68⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        67⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        67⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        66⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        66⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        65⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        65⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        64⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        64⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        63⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        63⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        62⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        62⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        61⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        61⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        60⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        60⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        59⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        59⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        58⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        58⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        57⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        57⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        56⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        56⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        55⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        55⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        54⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        54⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        53⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        53⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        52⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        52⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        51⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        51⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        50⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        50⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        49⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        49⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        48⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        48⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        47⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        47⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        46⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        46⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        45⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        45⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        44⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        44⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        43⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        43⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        42⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        42⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        41⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        41⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        40⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        40⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        39⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        39⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        38⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        38⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        37⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        37⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        36⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        36⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        35⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        35⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        34⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        34⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        33⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        33⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        32⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        32⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        31⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        31⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        30⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        30⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        29⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        29⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        28⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        28⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        27⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        27⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        26⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        26⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        25⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        25⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        24⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        24⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        23⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        23⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        22⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        22⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        21⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        21⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        20⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        20⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        19⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        19⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        18⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        18⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        17⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        17⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        16⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        16⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        15⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        15⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        14⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        14⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        13⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        13⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        12⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        12⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        11⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        11⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        10⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        7⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        6⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
      "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
      "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:432
- - C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
    "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5212
  - - C:\Windows\SysWOW64\notepad.exe
      notepad
      4⤵
      System Location Discovery: System Language Discovery
      PID:1772
- - C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
    "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5972
- C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE
  "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE"
  2⤵
  - Modifies WinLogon for persistence
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE" +s +h
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3180
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE" +s +h
      4⤵
      Sets file to hidden
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:5580
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4884
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
      4⤵
      Sets file to hidden
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:3440
- - C:\Windows\SysWOW64\notepad.exe
    notepad
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4484
- - C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
    "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4552
- C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE
  "C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:908
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:1868
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Program Files (x86)\DSL Subsystem\dslss.exe
1⤵
PID:3920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:4256
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:5664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:432
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:6024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:2656
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:2412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:4724
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:4964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:1548
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:3080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:5140
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:3860
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:1240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:5272
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:3052
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:5004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:116
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:4472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:1540
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5536
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:2124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:2208
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:1352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:2116
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:3560

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MSEDGE.EXE

Filesize
567KB

MD5
cf1cd7f520bbd4aff4a51f3dd176ebdf

SHA1
8aee2f95eb2b4a33e2e2ac1c917233a81fe2c6bc

SHA256
c63b71399802b4e604af2072be8478de196ff17458567af2932efd63a2cf2641

SHA512
3cc448705fb22f1189382c3f7cf101cad0ecbb745847b5c1084f1a9eb8f974b1f0ceb3a15e7b20c220a60d3ab0a28db2de2bebe8c54676fee61d358d7bd62415

Download Submit
C:\Users\Admin\AppData\Local\Temp\VLC MEDIA PLAYER.EXE

Filesize
251KB

MD5
42aee8a3fe46b4306bde92679a6d24f4

SHA1
f64851cba8882ba2629764458da5cff979a4ac7b

SHA256
2411aa77881e33b2d19e58b26c37fd93383e9fff1a3d0c3548272d9ea5b0a837

SHA512
3b024e18421464f8d37b4c028b485fafa8eef0bb762d35e1137c2e33b11c009e7cd10dc14335bdf91807253230d8239b753f277d3465bb7ef8a15a3aad9a7f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\WINDOWS SECURITY NANO.EXE

Filesize
209KB

MD5
172214b69dfbf053c83ff8e6b70842bc

SHA1
02e321757925f21b18c96d2e23d6e9a755df59ab

SHA256
da01598ba05a9467fa7cf76d9d212df75886eeeea30a633654dcdf29d8be90d9

SHA512
6b02e7dffd64a8cc7b83e7dcbfbd8d4dfb99f7cc13d5056ffb00efb51f7cf0431bb270b8afa394dbeb4e7b3558261c0ea6bd3a542bd82afd9fbc9c5227f83a42

Download Submit
memory/60-122-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/60-125-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/544-188-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/544-183-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1088-84-0x0000000073CB2000-0x0000000073CB3000-memory.dmp

Filesize
4KB

Download
memory/1088-39-0x0000000073CB0000-0x0000000074261000-memory.dmp

Filesize
5.7MB

Download
memory/1088-33-0x0000000073CB0000-0x0000000074261000-memory.dmp

Filesize
5.7MB

Download
memory/1088-30-0x0000000073CB2000-0x0000000073CB3000-memory.dmp

Filesize
4KB

Download
memory/1088-85-0x0000000073CB0000-0x0000000074261000-memory.dmp

Filesize
5.7MB

Download
memory/1088-94-0x0000000073CB0000-0x0000000074261000-memory.dmp

Filesize
5.7MB

Download
memory/1096-149-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1264-223-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1352-158-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1600-225-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1716-237-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1716-239-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1728-156-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1732-98-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1772-38-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/1824-232-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1824-236-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2016-209-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2016-213-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2056-218-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2056-216-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2092-215-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2368-234-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2448-154-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2548-169-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2696-193-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2696-195-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2704-162-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2704-80-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2704-77-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2928-173-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2944-167-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3132-197-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3212-231-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3212-227-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3344-177-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3344-179-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3428-67-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3428-25-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3428-191-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3428-189-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3428-29-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download
memory/3452-136-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3452-133-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3620-171-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3628-176-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3628-174-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3632-71-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3632-68-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3968-164-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4484-40-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/4516-204-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4536-60-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4536-221-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4536-219-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4544-147-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4544-143-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4552-63-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4552-66-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4604-153-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4708-112-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4748-57-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4756-52-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4756-55-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4832-186-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4832-184-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4920-142-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4920-145-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4976-48-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4976-44-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5024-160-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5044-139-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5060-151-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5212-34-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5212-91-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5276-182-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5276-180-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5284-119-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5400-130-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5480-226-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5480-229-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5512-110-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5512-115-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5520-207-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5520-205-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5644-88-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5664-100-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5664-95-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5664-211-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/5664-208-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/6004-200-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/6024-202-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/6024-198-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/6116-101-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/6116-108-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download