317fec4108f6d85caa5c1589b983a87dc665140390975d2f96e54a8ab1ab2d34

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-en-20211208
submitted
21-02-2022 23:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

000000090000-0990.exe
Size

1.5MB
MD5

dca3732857d10782f68df4c3e1b757a9
SHA1

95a0c95fee10a8e37fb0bcabff6e4b10924285d2
SHA256

c62943499b7fed80bf4e37ab525b622ef4fb7cc6b82ddb7b8d6fe75dabcaf363
SHA512

5ada13a7e67d59e38d57fccddac36cad71d2ccfff45945cc1274d310ecf4a79f756e865526a1d9d672d6200d0ae4215e5b7754b0b29e88debb5f9db873154ea0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

516 schtasks.exe

pid	process
516	schtasks.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe

pid	process
1640	000000090000-0990.exe
668	000000090000-0990.exe
556	000000090000-0990.exe
1860	000000090000-0990.exe
1800	000000090000-0990.exe
1176	000000090000-0990.exe
1828	000000090000-0990.exe
1000	000000090000-0990.exe
836	000000090000-0990.exe
2024	000000090000-0990.exe
1136	000000090000-0990.exe
1520	000000090000-0990.exe
964	000000090000-0990.exe
1244	000000090000-0990.exe
1656	000000090000-0990.exe
976	000000090000-0990.exe
1664	000000090000-0990.exe
1968	000000090000-0990.exe
2044	000000090000-0990.exe
1984	000000090000-0990.exe
1948	000000090000-0990.exe
1960	000000090000-0990.exe
1752	000000090000-0990.exe
888	000000090000-0990.exe
1612	000000090000-0990.exe
1584	000000090000-0990.exe
756	000000090000-0990.exe
1556	000000090000-0990.exe
460	000000090000-0990.exe
1920	000000090000-0990.exe
544	000000090000-0990.exe
1060	000000090000-0990.exe
604	000000090000-0990.exe
632	000000090000-0990.exe
1396	000000090000-0990.exe
1288	000000090000-0990.exe
292	000000090000-0990.exe
2020	000000090000-0990.exe
836	000000090000-0990.exe
2000	000000090000-0990.exe
1360	000000090000-0990.exe
1776	000000090000-0990.exe
1832	000000090000-0990.exe
1720	000000090000-0990.exe
1376	000000090000-0990.exe
1500	000000090000-0990.exe
1708	000000090000-0990.exe
1736	000000090000-0990.exe
880	000000090000-0990.exe
1148	000000090000-0990.exe
1256	000000090000-0990.exe
1700	000000090000-0990.exe
1588	000000090000-0990.exe
1696	000000090000-0990.exe
624	000000090000-0990.exe
1028	000000090000-0990.exe
580	000000090000-0990.exe
928	000000090000-0990.exe
516	000000090000-0990.exe
1820	000000090000-0990.exe
1732	000000090000-0990.exe
556	000000090000-0990.exe
1860	000000090000-0990.exe
1800	000000090000-0990.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

000000090000-0990.execmd.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe

description	pid	process	target process
PID 1640 wrote to memory of 1796	1640	000000090000-0990.exe	cmd.exe
PID 1640 wrote to memory of 1796	1640	000000090000-0990.exe	cmd.exe
PID 1640 wrote to memory of 1796	1640	000000090000-0990.exe	cmd.exe
PID 1640 wrote to memory of 1796	1640	000000090000-0990.exe	cmd.exe
PID 1796 wrote to memory of 516	1796	cmd.exe	schtasks.exe
PID 1796 wrote to memory of 516	1796	cmd.exe	schtasks.exe
PID 1796 wrote to memory of 516	1796	cmd.exe	schtasks.exe
PID 1796 wrote to memory of 516	1796	cmd.exe	schtasks.exe
PID 1640 wrote to memory of 1660	1640	000000090000-0990.exe	MSBuild.exe
PID 1640 wrote to memory of 1660	1640	000000090000-0990.exe	MSBuild.exe
PID 1640 wrote to memory of 1660	1640	000000090000-0990.exe	MSBuild.exe
PID 1640 wrote to memory of 1660	1640	000000090000-0990.exe	MSBuild.exe
PID 1640 wrote to memory of 668	1640	000000090000-0990.exe	000000090000-0990.exe
PID 1640 wrote to memory of 668	1640	000000090000-0990.exe	000000090000-0990.exe
PID 1640 wrote to memory of 668	1640	000000090000-0990.exe	000000090000-0990.exe
PID 1640 wrote to memory of 668	1640	000000090000-0990.exe	000000090000-0990.exe
PID 668 wrote to memory of 772	668	000000090000-0990.exe	MSBuild.exe
PID 668 wrote to memory of 772	668	000000090000-0990.exe	MSBuild.exe
PID 668 wrote to memory of 772	668	000000090000-0990.exe	MSBuild.exe
PID 668 wrote to memory of 772	668	000000090000-0990.exe	MSBuild.exe
PID 668 wrote to memory of 772	668	000000090000-0990.exe	MSBuild.exe
PID 668 wrote to memory of 556	668	000000090000-0990.exe	000000090000-0990.exe
PID 668 wrote to memory of 556	668	000000090000-0990.exe	000000090000-0990.exe
PID 668 wrote to memory of 556	668	000000090000-0990.exe	000000090000-0990.exe
PID 668 wrote to memory of 556	668	000000090000-0990.exe	000000090000-0990.exe
PID 556 wrote to memory of 1096	556	000000090000-0990.exe	MSBuild.exe
PID 556 wrote to memory of 1096	556	000000090000-0990.exe	MSBuild.exe
PID 556 wrote to memory of 1096	556	000000090000-0990.exe	MSBuild.exe
PID 556 wrote to memory of 1096	556	000000090000-0990.exe	MSBuild.exe
PID 556 wrote to memory of 1096	556	000000090000-0990.exe	MSBuild.exe
PID 556 wrote to memory of 1860	556	000000090000-0990.exe	000000090000-0990.exe
PID 556 wrote to memory of 1860	556	000000090000-0990.exe	000000090000-0990.exe
PID 556 wrote to memory of 1860	556	000000090000-0990.exe	000000090000-0990.exe
PID 556 wrote to memory of 1860	556	000000090000-0990.exe	000000090000-0990.exe
PID 1860 wrote to memory of 776	1860	000000090000-0990.exe	MSBuild.exe
PID 1860 wrote to memory of 776	1860	000000090000-0990.exe	MSBuild.exe
PID 1860 wrote to memory of 776	1860	000000090000-0990.exe	MSBuild.exe
PID 1860 wrote to memory of 776	1860	000000090000-0990.exe	MSBuild.exe
PID 1860 wrote to memory of 776	1860	000000090000-0990.exe	MSBuild.exe
PID 1860 wrote to memory of 1800	1860	000000090000-0990.exe	000000090000-0990.exe
PID 1860 wrote to memory of 1800	1860	000000090000-0990.exe	000000090000-0990.exe
PID 1860 wrote to memory of 1800	1860	000000090000-0990.exe	000000090000-0990.exe
PID 1860 wrote to memory of 1800	1860	000000090000-0990.exe	000000090000-0990.exe
PID 1800 wrote to memory of 688	1800	000000090000-0990.exe	MSBuild.exe
PID 1800 wrote to memory of 688	1800	000000090000-0990.exe	MSBuild.exe
PID 1800 wrote to memory of 688	1800	000000090000-0990.exe	MSBuild.exe
PID 1800 wrote to memory of 688	1800	000000090000-0990.exe	MSBuild.exe
PID 1800 wrote to memory of 688	1800	000000090000-0990.exe	MSBuild.exe
PID 1800 wrote to memory of 1176	1800	000000090000-0990.exe	000000090000-0990.exe
PID 1800 wrote to memory of 1176	1800	000000090000-0990.exe	000000090000-0990.exe
PID 1800 wrote to memory of 1176	1800	000000090000-0990.exe	000000090000-0990.exe
PID 1800 wrote to memory of 1176	1800	000000090000-0990.exe	000000090000-0990.exe
PID 1176 wrote to memory of 1108	1176	000000090000-0990.exe	MSBuild.exe
PID 1176 wrote to memory of 1108	1176	000000090000-0990.exe	MSBuild.exe
PID 1176 wrote to memory of 1108	1176	000000090000-0990.exe	MSBuild.exe
PID 1176 wrote to memory of 1108	1176	000000090000-0990.exe	MSBuild.exe
PID 1176 wrote to memory of 1108	1176	000000090000-0990.exe	MSBuild.exe
PID 1176 wrote to memory of 1828	1176	000000090000-0990.exe	000000090000-0990.exe
PID 1176 wrote to memory of 1828	1176	000000090000-0990.exe	000000090000-0990.exe
PID 1176 wrote to memory of 1828	1176	000000090000-0990.exe	000000090000-0990.exe
PID 1176 wrote to memory of 1828	1176	000000090000-0990.exe	000000090000-0990.exe
PID 1828 wrote to memory of 1780	1828	000000090000-0990.exe	MSBuild.exe
PID 1828 wrote to memory of 1780	1828	000000090000-0990.exe	MSBuild.exe
PID 1828 wrote to memory of 1780	1828	000000090000-0990.exe	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c schtasks /Create /TN name /XML "C:\Users\Admin\AppData\Local\Temp\39f3642c01e5456a9e5b83f9a108aa0b.xml"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1796
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /Create /TN name /XML "C:\Users\Admin\AppData\Local\Temp\39f3642c01e5456a9e5b83f9a108aa0b.xml"
    3⤵
    - Creates scheduled task(s)
    PID:516
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
  2⤵
  PID:1660
- C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
  "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
  2⤵
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:668
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
    3⤵
    PID:772
- - C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
    "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
    3⤵
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
      4⤵
      PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
      "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
      4⤵
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:1860
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        5⤵
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        5⤵
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:1800
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        6⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        6⤵
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:1176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        7⤵
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:1828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        8⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        9⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        9⤵
        Suspicious behavior: MapViewOfSection
        
        PID:836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        10⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        10⤵
        Suspicious behavior: MapViewOfSection
        
        PID:2024
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        11⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        11⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        12⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        12⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        13⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        13⤵
        Suspicious behavior: MapViewOfSection
        
        PID:964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        14⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        14⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        15⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        15⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        16⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        16⤵
        Suspicious behavior: MapViewOfSection
        
        PID:976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        17⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        17⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        18⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        18⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1968
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        19⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        19⤵
        Suspicious behavior: MapViewOfSection
        
        PID:2044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        20⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        20⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        21⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        21⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        22⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        22⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        23⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        23⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        24⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        24⤵
        Suspicious behavior: MapViewOfSection
        
        PID:888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        25⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        25⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        26⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        26⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        27⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        27⤵
        Suspicious behavior: MapViewOfSection
        
        PID:756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        28⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        28⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        29⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        29⤵
        Suspicious behavior: MapViewOfSection
        
        PID:460
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        30⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        30⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        31⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        31⤵
        Suspicious behavior: MapViewOfSection
        
        PID:544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        32⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        32⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        33⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        33⤵
        Suspicious behavior: MapViewOfSection
        
        PID:604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        34⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        34⤵
        Suspicious behavior: MapViewOfSection
        
        PID:632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        35⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        35⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1396
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        36⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        36⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        37⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        37⤵
        Suspicious behavior: MapViewOfSection
        
        PID:292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        38⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        38⤵
        Suspicious behavior: MapViewOfSection
        
        PID:2020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        39⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        39⤵
        Suspicious behavior: MapViewOfSection
        
        PID:836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        40⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        40⤵
        Suspicious behavior: MapViewOfSection
        
        PID:2000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        41⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        41⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        42⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        42⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        43⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        43⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1832
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        44⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        44⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        45⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        45⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        46⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        46⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        47⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        47⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        48⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        48⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1736
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        49⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        49⤵
        Suspicious behavior: MapViewOfSection
        
        PID:880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        50⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        50⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        51⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        51⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        52⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        52⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1700
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        53⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        53⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        54⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        54⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        55⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        55⤵
        Suspicious behavior: MapViewOfSection
        
        PID:624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        56⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        56⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        57⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        57⤵
        Suspicious behavior: MapViewOfSection
        
        PID:580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        58⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        58⤵
        Suspicious behavior: MapViewOfSection
        
        PID:928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        59⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        59⤵
        Suspicious behavior: MapViewOfSection
        
        PID:516
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        60⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        60⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        61⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        61⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        62⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        62⤵
        Suspicious behavior: MapViewOfSection
        
        PID:556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        63⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        63⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        64⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        64⤵
        Suspicious behavior: MapViewOfSection
        
        PID:1800
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        65⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        65⤵
        
        PID:1176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        66⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        66⤵
        
        PID:1828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        67⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        67⤵
        
        PID:1000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        68⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        68⤵
        
        PID:2004
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        69⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        69⤵
        
        PID:1140
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        70⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        70⤵
        
        PID:672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        71⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        71⤵
        
        PID:1524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        72⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        72⤵
        
        PID:1468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        73⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        73⤵
        
        PID:1680
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        74⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        74⤵
        
        PID:1676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        75⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        75⤵
        
        PID:1484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        76⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        76⤵
        
        PID:1488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        77⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        77⤵
        
        PID:1304
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        78⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        78⤵
        
        PID:1156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        79⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        79⤵
        
        PID:1280
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        80⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        80⤵
        
        PID:1576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        81⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        81⤵
        
        PID:1584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        82⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        82⤵
        
        PID:1028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        83⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        83⤵
        
        PID:1660
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        84⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        84⤵
        
        PID:588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        85⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        85⤵
        
        PID:268
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        86⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        86⤵
        
        PID:1096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        87⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        87⤵
        
        PID:1716
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        88⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        88⤵
        
        PID:1564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        89⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        89⤵
        
        PID:1608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        90⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        90⤵
        
        PID:1048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        91⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        91⤵
        
        PID:948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        92⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        92⤵
        
        PID:1928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        93⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        93⤵
        
        PID:1512
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        94⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        94⤵
        
        PID:864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        95⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        95⤵
        
        PID:1288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        96⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        96⤵
        
        PID:292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        97⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        97⤵
        
        PID:2020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        98⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        98⤵
        
        PID:836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        99⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        99⤵
        
        PID:1300
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        100⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        100⤵
        
        PID:1360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        101⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        101⤵
        
        PID:1776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        102⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        102⤵
        
        PID:1668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        103⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        103⤵
        
        PID:860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        104⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        104⤵
        
        PID:1148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        105⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        105⤵
        
        PID:740
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        106⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        106⤵
        
        PID:1488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        107⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        107⤵
        
        PID:1304
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        108⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        108⤵
        
        PID:1156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        109⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        109⤵
        
        PID:1280
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        110⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        110⤵
        
        PID:1560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        111⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        111⤵
        
        PID:1580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        112⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        112⤵
        
        PID:280
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        113⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        113⤵
        
        PID:1556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        114⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        114⤵
        
        PID:460
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        115⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        115⤵
        
        PID:1376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        116⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        116⤵
        
        PID:1244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        117⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        117⤵
        
        PID:1796
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        118⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        118⤵
        
        PID:1920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        119⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        119⤵
        
        PID:544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        120⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        120⤵
        
        PID:1064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        121⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        121⤵
        
        PID:1804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        122⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        122⤵
        
        PID:776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        123⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        123⤵
        
        PID:688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        124⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        124⤵
        
        PID:1108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        125⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        125⤵
        
        PID:1780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        126⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        126⤵
        
        PID:1512
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        127⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        127⤵
        
        PID:864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        128⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        128⤵
        
        PID:1288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        129⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        129⤵
        
        PID:292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        130⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        130⤵
        
        PID:2020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        131⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        131⤵
        
        PID:1620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        132⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        132⤵
        
        PID:1300
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        133⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        133⤵
        
        PID:1360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        134⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        134⤵
        
        PID:1680
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        135⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        135⤵
        
        PID:1668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        136⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        136⤵
        
        PID:820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        137⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        137⤵
        
        PID:1052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        138⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        138⤵
        
        PID:1960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        139⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        139⤵
        
        PID:1756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        140⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        140⤵
        
        PID:888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        141⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
        
        "C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
        141⤵
        
        PID:1596

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\39f3642c01e5456a9e5b83f9a108aa0b.xml

MD5
8cf58047e7724b4448c58879852c31ff

SHA1
ef96ec55fef577ff2b63aa4e04fad5e21c7e8db4

SHA256
533fa10b236e674ce4fb0002956e88939b1b7a3f72ba3c04c33dcf27171e492f

SHA512
9745b463cf257059ee3b6dda45cc3c6e620341bd5daa92af5bde553ccc2dd88ca56d81ceea27de65128fe650b1c442e9772bc01a7fe3afc690ffc5ac5e8d436b

Download Submit
memory/292-92-0x00000000003FA000-0x0000000000400000-memory.dmp

Filesize
24KB

Download
memory/460-84-0x000000000024B000-0x0000000000250000-memory.dmp

Filesize
20KB

Download
memory/516-114-0x000000000033A000-0x0000000000340000-memory.dmp

Filesize
24KB

Download
memory/544-86-0x000000000033A000-0x0000000000340000-memory.dmp

Filesize
24KB

Download
memory/556-117-0x000000000014A000-0x0000000000150000-memory.dmp

Filesize
24KB

Download
memory/556-58-0x000000000037A000-0x0000000000380000-memory.dmp

Filesize
24KB

Download
memory/580-112-0x000000000022A000-0x0000000000230000-memory.dmp

Filesize
24KB

Download
memory/604-88-0x00000000002CB000-0x00000000002D0000-memory.dmp

Filesize
20KB

Download
memory/624-110-0x00000000003AB000-0x00000000003B0000-memory.dmp

Filesize
20KB

Download
memory/632-89-0x000000000042B000-0x0000000000430000-memory.dmp

Filesize
20KB

Download
memory/668-57-0x000000000032B000-0x0000000000330000-memory.dmp

Filesize
20KB

Download
memory/756-82-0x00000000003BB000-0x00000000003C0000-memory.dmp

Filesize
20KB

Download
memory/836-94-0x000000000028B000-0x0000000000290000-memory.dmp

Filesize
20KB

Download
memory/836-64-0x000000000020A000-0x0000000000210000-memory.dmp

Filesize
24KB

Download
memory/880-104-0x000000000028B000-0x0000000000290000-memory.dmp

Filesize
20KB

Download
memory/888-79-0x00000000003EA000-0x00000000003F0000-memory.dmp

Filesize
24KB

Download
memory/928-113-0x000000000014A000-0x0000000000150000-memory.dmp

Filesize
24KB

Download
memory/964-68-0x000000000039A000-0x00000000003A0000-memory.dmp

Filesize
24KB

Download
memory/976-71-0x000000000016A000-0x0000000000170000-memory.dmp

Filesize
24KB

Download
memory/1000-63-0x000000000018B000-0x0000000000190000-memory.dmp

Filesize
20KB

Download
memory/1028-111-0x00000000002CA000-0x00000000002D0000-memory.dmp

Filesize
24KB

Download
memory/1060-87-0x00000000002AA000-0x00000000002B0000-memory.dmp

Filesize
24KB

Download
memory/1136-66-0x000000000028A000-0x0000000000290000-memory.dmp

Filesize
24KB

Download
memory/1148-105-0x000000000043B000-0x0000000000440000-memory.dmp

Filesize
20KB

Download
memory/1176-61-0x000000000036A000-0x0000000000370000-memory.dmp

Filesize
24KB

Download
memory/1244-69-0x000000000026A000-0x0000000000270000-memory.dmp

Filesize
24KB

Download
memory/1256-106-0x00000000002BA000-0x00000000002C0000-memory.dmp

Filesize
24KB

Download
memory/1288-91-0x000000000030A000-0x0000000000310000-memory.dmp

Filesize
24KB

Download
memory/1360-96-0x000000000041A000-0x0000000000420000-memory.dmp

Filesize
24KB

Download
memory/1376-100-0x00000000002EA000-0x00000000002F0000-memory.dmp

Filesize
24KB

Download
memory/1396-90-0x000000000032A000-0x0000000000330000-memory.dmp

Filesize
24KB

Download
memory/1500-101-0x000000000039A000-0x00000000003A0000-memory.dmp

Filesize
24KB

Download
memory/1520-67-0x000000000020A000-0x0000000000210000-memory.dmp

Filesize
24KB

Download
memory/1556-83-0x000000000044B000-0x0000000000450000-memory.dmp

Filesize
20KB

Download
memory/1584-81-0x000000000045A000-0x0000000000460000-memory.dmp

Filesize
24KB

Download
memory/1588-108-0x000000000026A000-0x0000000000270000-memory.dmp

Filesize
24KB

Download
memory/1612-80-0x000000000045A000-0x0000000000460000-memory.dmp

Filesize
24KB

Download
memory/1640-54-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/1640-56-0x00000000001AA000-0x00000000001B0000-memory.dmp

Filesize
24KB

Download
memory/1656-70-0x00000000003DA000-0x00000000003E0000-memory.dmp

Filesize
24KB

Download
memory/1664-72-0x00000000002AB000-0x00000000002B0000-memory.dmp

Filesize
20KB

Download
memory/1696-109-0x00000000001CA000-0x00000000001D0000-memory.dmp

Filesize
24KB

Download
memory/1700-107-0x000000000032B000-0x0000000000330000-memory.dmp

Filesize
20KB

Download
memory/1708-102-0x00000000003EB000-0x00000000003F0000-memory.dmp

Filesize
20KB

Download
memory/1720-99-0x00000000001CB000-0x00000000001D0000-memory.dmp

Filesize
20KB

Download
memory/1732-116-0x000000000039A000-0x00000000003A0000-memory.dmp

Filesize
24KB

Download
memory/1736-103-0x000000000031A000-0x0000000000320000-memory.dmp

Filesize
24KB

Download
memory/1752-78-0x00000000003BB000-0x00000000003C0000-memory.dmp

Filesize
20KB

Download
memory/1776-97-0x00000000001AA000-0x00000000001B0000-memory.dmp

Filesize
24KB

Download
memory/1800-60-0x00000000003AA000-0x00000000003B0000-memory.dmp

Filesize
24KB

Download
memory/1800-119-0x000000000016A000-0x0000000000170000-memory.dmp

Filesize
24KB

Download
memory/1820-115-0x000000000041B000-0x0000000000420000-memory.dmp

Filesize
20KB

Download
memory/1828-62-0x000000000036A000-0x0000000000370000-memory.dmp

Filesize
24KB

Download
memory/1832-98-0x00000000003CA000-0x00000000003D0000-memory.dmp

Filesize
24KB

Download
memory/1860-59-0x00000000002EA000-0x00000000002F0000-memory.dmp

Filesize
24KB

Download
memory/1860-118-0x000000000028A000-0x0000000000290000-memory.dmp

Filesize
24KB

Download
memory/1920-85-0x00000000003DA000-0x00000000003E0000-memory.dmp

Filesize
24KB

Download
memory/1948-76-0x000000000030B000-0x0000000000310000-memory.dmp

Filesize
20KB

Download
memory/1960-77-0x000000000016A000-0x0000000000170000-memory.dmp

Filesize
24KB

Download
memory/1968-73-0x00000000003DA000-0x00000000003E0000-memory.dmp

Filesize
24KB

Download
memory/1984-75-0x000000000036A000-0x0000000000370000-memory.dmp

Filesize
24KB

Download
memory/2000-95-0x000000000018A000-0x0000000000190000-memory.dmp

Filesize
24KB

Download
memory/2020-93-0x00000000003CB000-0x00000000003D0000-memory.dmp

Filesize
20KB

Download
memory/2024-65-0x000000000032A000-0x0000000000330000-memory.dmp

Filesize
24KB

Download
memory/2044-74-0x000000000024A000-0x0000000000250000-memory.dmp

Filesize
24KB

Download