e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

Analysis

max time kernel
24s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe
Size

447KB
MD5

58ae815d5b7ad4577317beffcae3d580
SHA1

fea4373e6988f5f4f09304550c2e3210dcd6b34c
SHA256

e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631
SHA512

c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68
SSDEEP

6144:EXhCRhrDPqNSDyDRO1thpwNSDyDIkFthphZX:vR9PySDyo1tjUSDyTFtjhZ

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1932	notpad.exe
944	tmp7076033.exe
852	tmp7076205.exe
1728	notpad.exe
908	tmp7076735.exe
1276	tmp7076860.exe
1956	notpad.exe
776	tmp7077156.exe
1516	tmp7077328.exe
1872	notpad.exe
1008	tmp7077718.exe
1620	tmp7077921.exe
680	notpad.exe
748	tmp7078248.exe
668	tmp7078389.exe
280	notpad.exe
2008	tmp7079231.exe
1936	notpad.exe
1600	tmp7079372.exe
828	tmp7079559.exe
1932	tmp7079777.exe
852	tmp7079793.exe
2028	notpad.exe
2044	tmp7079840.exe
892	tmp7079886.exe
1612	tmp7079949.exe
1772	tmp7080042.exe
1280	tmp7080089.exe
1996	notpad.exe
1132	tmp7080245.exe
112	notpad.exe
1420	tmp7080292.exe
1424	tmp7080526.exe
1956	tmp7080323.exe
1200	tmp7080588.exe
332	tmp7080885.exe
1212	notpad.exe
1204	tmp7080994.exe
1536	notpad.exe
1484	tmp7081103.exe
1552	tmp7081306.exe
328	tmp7081088.exe
1008	tmp7081041.exe
2012	tmp7081493.exe
1252	tmp7081571.exe
588	tmp7081634.exe
668	notpad.exe
1632	tmp7081665.exe
1140	tmp7081774.exe
1504	notpad.exe
2008	tmp7081790.exe
280	tmp7081899.exe
980	tmp7082055.exe
828	tmp7081868.exe
1932	notpad.exe
1992	tmp7082476.exe
2044	tmp7082492.exe
1700	tmp7082570.exe
1276	tmp7082975.exe
2028	tmp7082991.exe
1692	notpad.exe
892	tmp7082928.exe
1456	tmp7083069.exe
908	tmp7083084.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000900000001339d-55.dat	upx
behavioral1/files/0x000900000001339d-56.dat	upx
behavioral1/files/0x000900000001339d-58.dat	upx
behavioral1/files/0x000900000001339d-59.dat	upx
behavioral1/files/0x000c0000000054a8-65.dat	upx
behavioral1/memory/1932-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x000900000001339d-73.dat	upx
behavioral1/files/0x000900000001339d-74.dat	upx
behavioral1/files/0x000900000001339d-76.dat	upx
behavioral1/files/0x000c0000000054a8-84.dat	upx
behavioral1/memory/1728-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x000900000001339d-90.dat	upx
behavioral1/files/0x000900000001339d-91.dat	upx
behavioral1/files/0x000900000001339d-93.dat	upx
behavioral1/memory/1956-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x000900000001339d-107.dat	upx
behavioral1/files/0x000c0000000054a8-104.dat	upx
behavioral1/files/0x000900000001339d-108.dat	upx
behavioral1/files/0x000900000001339d-110.dat	upx
behavioral1/files/0x000c0000000054a8-116.dat	upx
behavioral1/files/0x000900000001339d-119.dat	upx
behavioral1/memory/1872-126-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x000900000001339d-127.dat	upx
behavioral1/files/0x000900000001339d-120.dat	upx
behavioral1/memory/680-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/680-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x000c0000000054a8-139.dat	upx
behavioral1/files/0x000a00000001339d-142.dat	upx
behavioral1/files/0x000a00000001339d-143.dat	upx
behavioral1/files/0x000a00000001339d-145.dat	upx
behavioral1/files/0x000a00000001339d-146.dat	upx
behavioral1/files/0x000a00000001339d-151.dat	upx
behavioral1/memory/280-154-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1936-159-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1600-163-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2028-168-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/852-169-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2028-172-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/852-176-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1772-184-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1996-188-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/112-190-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1200-205-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1536-209-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1212-206-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/332-212-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/668-215-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1252-217-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2012-218-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1252-222-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2012-224-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1504-233-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1932-238-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/668-235-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2044-246-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1992-251-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1276-253-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1692-254-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/776-261-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/888-260-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1996-258-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/888-263-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/776-266-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/692-268-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Loads dropped DLL 64 IoCs

pid	Process
1660	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe
1660	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe
1932	notpad.exe
1932	notpad.exe
1932	notpad.exe
944	tmp7076033.exe
944	tmp7076033.exe
1728	notpad.exe
1728	notpad.exe
1728	notpad.exe
908	tmp7076735.exe
908	tmp7076735.exe
1956	notpad.exe
1956	notpad.exe
1956	notpad.exe
776	tmp7077156.exe
776	tmp7077156.exe
1872	notpad.exe
1872	notpad.exe
1008	tmp7077718.exe
1008	tmp7077718.exe
1872	notpad.exe
680	notpad.exe
680	notpad.exe
680	notpad.exe
748	tmp7078248.exe
748	tmp7078248.exe
280	notpad.exe
280	notpad.exe
2008	tmp7079231.exe
2008	tmp7079231.exe
280	notpad.exe
1936	notpad.exe
280	notpad.exe
1936	notpad.exe
1600	tmp7079372.exe
1600	tmp7079372.exe
1936	notpad.exe
1936	notpad.exe
828	tmp7079559.exe
1600	tmp7079372.exe
828	tmp7079559.exe
852	tmp7079793.exe
852	tmp7079793.exe
2028	notpad.exe
2028	notpad.exe
2028	notpad.exe
2028	notpad.exe
852	tmp7079793.exe
892	tmp7079886.exe
892	tmp7079886.exe
1772	tmp7080042.exe
1772	tmp7080042.exe
1132	tmp7080245.exe
1132	tmp7080245.exe
1996	notpad.exe
1996	notpad.exe
1772	tmp7080042.exe
112	notpad.exe
112	notpad.exe
1996	notpad.exe
1996	notpad.exe
112	notpad.exe
112	notpad.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7081103.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7082928.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7076033.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7080245.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7084925.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7088389.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7080994.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7081103.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7085799.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7088591.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7088888.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7107343.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7084395.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7076033.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7080292.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7086173.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7088591.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7077718.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7079559.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7082570.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7082928.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7086298.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7107343.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7083428.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7083428.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7086173.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7079886.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7079886.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7080292.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7082570.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7084021.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7084785.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7088591.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7103489.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7077718.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7083818.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7084021.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7084395.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7085627.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7086173.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7088888.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7079559.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7080994.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7082055.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7085378.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7085799.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7076735.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7076735.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7077156.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7077718.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7080245.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7088888.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7087765.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7076735.exe
File opened for modification	C:\Windows\SysWOW64\fsb.stb	tmp7080994.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7081103.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7081665.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7082055.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7082570.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7086173.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7079886.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7079886.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7086298.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 37 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7086298.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7080292.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7088389.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7088591.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7080245.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7107343.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7077156.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7078248.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7079559.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7079886.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7083818.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7086719.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7088888.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7081103.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7081665.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7084645.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7080994.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7082055.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7082928.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7083428.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7084395.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7076033.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7076735.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7079231.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7086173.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7086470.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7087765.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7085627.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7085799.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7077718.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7082570.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7084785.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7103489.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7084021.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7084925.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7085378.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1932	1660	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe	28
PID 1660 wrote to memory of 1932	1660	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe	28
PID 1660 wrote to memory of 1932	1660	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe	28
PID 1660 wrote to memory of 1932	1660	e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe	28
PID 1932 wrote to memory of 944	1932	notpad.exe	29
PID 1932 wrote to memory of 944	1932	notpad.exe	29
PID 1932 wrote to memory of 944	1932	notpad.exe	29
PID 1932 wrote to memory of 944	1932	notpad.exe	29
PID 1932 wrote to memory of 852	1932	notpad.exe	30
PID 1932 wrote to memory of 852	1932	notpad.exe	30
PID 1932 wrote to memory of 852	1932	notpad.exe	30
PID 1932 wrote to memory of 852	1932	notpad.exe	30
PID 944 wrote to memory of 1728	944	tmp7076033.exe	31
PID 944 wrote to memory of 1728	944	tmp7076033.exe	31
PID 944 wrote to memory of 1728	944	tmp7076033.exe	31
PID 944 wrote to memory of 1728	944	tmp7076033.exe	31
PID 1728 wrote to memory of 908	1728	notpad.exe	32
PID 1728 wrote to memory of 908	1728	notpad.exe	32
PID 1728 wrote to memory of 908	1728	notpad.exe	32
PID 1728 wrote to memory of 908	1728	notpad.exe	32
PID 1728 wrote to memory of 1276	1728	notpad.exe	33
PID 1728 wrote to memory of 1276	1728	notpad.exe	33
PID 1728 wrote to memory of 1276	1728	notpad.exe	33
PID 1728 wrote to memory of 1276	1728	notpad.exe	33
PID 908 wrote to memory of 1956	908	tmp7076735.exe	34
PID 908 wrote to memory of 1956	908	tmp7076735.exe	34
PID 908 wrote to memory of 1956	908	tmp7076735.exe	34
PID 908 wrote to memory of 1956	908	tmp7076735.exe	34
PID 1956 wrote to memory of 776	1956	notpad.exe	35
PID 1956 wrote to memory of 776	1956	notpad.exe	35
PID 1956 wrote to memory of 776	1956	notpad.exe	35
PID 1956 wrote to memory of 776	1956	notpad.exe	35
PID 1956 wrote to memory of 1516	1956	notpad.exe	36
PID 1956 wrote to memory of 1516	1956	notpad.exe	36
PID 1956 wrote to memory of 1516	1956	notpad.exe	36
PID 1956 wrote to memory of 1516	1956	notpad.exe	36
PID 776 wrote to memory of 1872	776	tmp7077156.exe	37
PID 776 wrote to memory of 1872	776	tmp7077156.exe	37
PID 776 wrote to memory of 1872	776	tmp7077156.exe	37
PID 776 wrote to memory of 1872	776	tmp7077156.exe	37
PID 1872 wrote to memory of 1008	1872	notpad.exe	38
PID 1872 wrote to memory of 1008	1872	notpad.exe	38
PID 1872 wrote to memory of 1008	1872	notpad.exe	38
PID 1872 wrote to memory of 1008	1872	notpad.exe	38
PID 1008 wrote to memory of 680	1008	tmp7077718.exe	39
PID 1008 wrote to memory of 680	1008	tmp7077718.exe	39
PID 1008 wrote to memory of 680	1008	tmp7077718.exe	39
PID 1008 wrote to memory of 680	1008	tmp7077718.exe	39
PID 1872 wrote to memory of 1620	1872	notpad.exe	40
PID 1872 wrote to memory of 1620	1872	notpad.exe	40
PID 1872 wrote to memory of 1620	1872	notpad.exe	40
PID 1872 wrote to memory of 1620	1872	notpad.exe	40
PID 680 wrote to memory of 748	680	notpad.exe	41
PID 680 wrote to memory of 748	680	notpad.exe	41
PID 680 wrote to memory of 748	680	notpad.exe	41
PID 680 wrote to memory of 748	680	notpad.exe	41
PID 680 wrote to memory of 668	680	notpad.exe	42
PID 680 wrote to memory of 668	680	notpad.exe	42
PID 680 wrote to memory of 668	680	notpad.exe	42
PID 680 wrote to memory of 668	680	notpad.exe	42
PID 748 wrote to memory of 280	748	tmp7078248.exe	43
PID 748 wrote to memory of 280	748	tmp7078248.exe	43
PID 748 wrote to memory of 280	748	tmp7078248.exe	43
PID 748 wrote to memory of 280	748	tmp7078248.exe	43

C:\Users\Admin\AppData\Local\Temp\e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe
"C:\Users\Admin\AppData\Local\Temp\e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\tmp7076033.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7076033.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:944
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\tmp7076735.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7076735.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:908
      - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077156.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077156.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:776
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077718.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077718.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1008
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7078248.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7078248.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:748
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079231.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079231.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2008
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079559.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079559.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        
        PID:828
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079949.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079949.exe
        17⤵
        Executes dropped EXE
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080042.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080042.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080245.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080245.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        
        PID:1132
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080526.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080526.exe
        20⤵
        Executes dropped EXE
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080885.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080885.exe
        20⤵
        Executes dropped EXE
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081041.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081041.exe
        21⤵
        Executes dropped EXE
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081634.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081634.exe
        21⤵
        Executes dropped EXE
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080323.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080323.exe
        18⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079793.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079793.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079886.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079886.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        
        PID:892
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080292.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080292.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1420
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        19⤵
        Executes dropped EXE
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081103.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081103.exe
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1484
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        21⤵
        Executes dropped EXE
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081868.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081868.exe
        22⤵
        Executes dropped EXE
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\tmp7082492.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7082492.exe
        22⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tmp7082991.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7082991.exe
        23⤵
        Executes dropped EXE
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083069.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083069.exe
        23⤵
        Executes dropped EXE
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081493.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081493.exe
        20⤵
        Executes dropped EXE
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081790.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081790.exe
        21⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080588.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080588.exe
        18⤵
        Executes dropped EXE
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080994.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080994.exe
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1204
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        20⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081306.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081306.exe
        21⤵
        Executes dropped EXE
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081571.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081571.exe
        21⤵
        Executes dropped EXE
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081774.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081774.exe
        22⤵
        Executes dropped EXE
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081899.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081899.exe
        22⤵
        Executes dropped EXE
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081088.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7081088.exe
        19⤵
        Executes dropped EXE
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080089.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7080089.exe
        16⤵
        Executes dropped EXE
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079372.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079372.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079777.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079777.exe
        14⤵
        Executes dropped EXE
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079840.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7079840.exe
        14⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tmp7078389.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7078389.exe
        11⤵
        Executes dropped EXE
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077921.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077921.exe
        9⤵
        Executes dropped EXE
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077328.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7077328.exe
        7⤵
        Executes dropped EXE
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\tmp7076860.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7076860.exe
        5⤵
        Executes dropped EXE
        
        PID:1276
- - C:\Users\Admin\AppData\Local\Temp\tmp7076205.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7076205.exe
    3⤵
    - Executes dropped EXE
    PID:852

C:\Users\Admin\AppData\Local\Temp\tmp7081665.exe
C:\Users\Admin\AppData\Local\Temp\tmp7081665.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
PID:1632
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  - Executes dropped EXE
  PID:1504
- - C:\Users\Admin\AppData\Local\Temp\tmp7082055.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7082055.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    PID:980
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      Executes dropped EXE
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\tmp7082570.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7082570.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1700
      - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        6⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083131.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083131.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083272.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083272.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083724.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083724.exe
        8⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083755.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083755.exe
        8⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\tmp7082975.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7082975.exe
        5⤵
        Executes dropped EXE
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\tmp7083084.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083084.exe
        6⤵
        Executes dropped EXE
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\tmp7083303.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083303.exe
        6⤵
        
        PID:1096
    - - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        5⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\tmp7103333.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103333.exe
        6⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        7⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\tmp7103411.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103411.exe
        6⤵
        
        PID:1912
- - C:\Users\Admin\AppData\Local\Temp\tmp7082476.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7082476.exe
    3⤵
    - Executes dropped EXE
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\tmp7082928.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7082928.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      PID:892
    - - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\tmp7083428.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083428.exe
        6⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:112
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        7⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083896.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083896.exe
        8⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083943.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083943.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084317.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084317.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084379.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084379.exe
        9⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\tmp7083708.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083708.exe
        6⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083818.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083818.exe
        7⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:432
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084021.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084021.exe
        9⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1484
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        10⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084551.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084551.exe
        11⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084598.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084598.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084676.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084676.exe
        12⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084723.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084723.exe
        12⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084333.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084333.exe
        9⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084395.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084395.exe
        10⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:332
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        11⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084645.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084645.exe
        12⤵
        Modifies registry class
        
        PID:2008
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        13⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084785.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084785.exe
        14⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1400
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        15⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084925.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084925.exe
        16⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1700
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        17⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085409.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085409.exe
        18⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085565.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085565.exe
        18⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085674.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085674.exe
        19⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085768.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085768.exe
        19⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099667.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099667.exe
        20⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085300.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085300.exe
        16⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085378.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085378.exe
        17⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1112
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        18⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085627.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085627.exe
        19⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1524
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        20⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085877.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085877.exe
        21⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085924.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085924.exe
        21⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086173.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086173.exe
        22⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1200
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        23⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086298.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086298.exe
        24⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1660
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        25⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086470.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086470.exe
        26⤵
        Modifies registry class
        
        PID:1824
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        27⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086719.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086719.exe
        28⤵
        Modifies registry class
        
        PID:1432
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        29⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087765.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087765.exe
        30⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:828
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        31⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088389.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088389.exe
        32⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1696
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        33⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088591.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088591.exe
        34⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1956
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        35⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088888.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088888.exe
        36⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1692
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        37⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098419.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098419.exe
        38⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098451.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098451.exe
        38⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098591.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098591.exe
        39⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        40⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098965.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098965.exe
        41⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099137.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099137.exe
        42⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099231.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099231.exe
        42⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099496.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099496.exe
        43⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099636.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099636.exe
        43⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098825.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098825.exe
        41⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098653.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098653.exe
        39⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098763.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098763.exe
        40⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        41⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098950.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098950.exe
        42⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        43⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103302.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103302.exe
        43⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103614.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103614.exe
        44⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103443.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103443.exe
        44⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102990.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102990.exe
        43⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099028.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099028.exe
        42⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098809.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098809.exe
        40⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098295.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098295.exe
        36⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098435.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098435.exe
        37⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103848.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103848.exe
        38⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103677.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103677.exe
        38⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098497.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098497.exe
        37⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098638.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098638.exe
        38⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098669.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098669.exe
        38⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103209.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103209.exe
        35⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103271.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103271.exe
        35⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103365.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103365.exe
        36⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103489.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103489.exe
        36⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088607.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088607.exe
        34⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088732.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088732.exe
        35⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088810.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088810.exe
        35⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098263.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098263.exe
        36⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        37⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098622.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098622.exe
        38⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098731.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098731.exe
        38⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099012.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099012.exe
        39⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098887.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098887.exe
        39⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103006.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103006.exe
        40⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102928.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102928.exe
        40⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098404.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098404.exe
        36⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088482.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088482.exe
        32⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088576.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088576.exe
        33⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088623.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088623.exe
        33⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088747.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088747.exe
        34⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088841.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088841.exe
        34⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103365.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103365.exe
        34⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103521.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103521.exe
        34⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        33⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099917.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099917.exe
        34⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100822.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100822.exe
        35⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        36⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103099.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103099.exe
        37⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102943.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102943.exe
        37⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102803.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102803.exe
        35⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103318.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103318.exe
        32⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103068.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103068.exe
        32⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087858.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087858.exe
        30⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087905.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087905.exe
        31⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087921.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087921.exe
        31⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088404.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088404.exe
        32⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088435.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088435.exe
        32⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086517.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086517.exe
        26⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087671.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087671.exe
        27⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102881.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102881.exe
        28⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102959.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102959.exe
        28⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087733.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087733.exe
        27⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086314.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086314.exe
        24⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086392.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086392.exe
        25⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086407.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086407.exe
        25⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086189.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086189.exe
        22⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085659.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085659.exe
        19⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085799.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085799.exe
        20⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:584
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        21⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086064.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086064.exe
        22⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085861.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085861.exe
        20⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085471.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085471.exe
        17⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099355.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099355.exe
        15⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099652.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099652.exe
        16⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099309.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099309.exe
        15⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084832.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084832.exe
        14⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084972.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084972.exe
        15⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103583.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103583.exe
        16⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103864.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103864.exe
        16⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104145.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104145.exe
        17⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104519.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104519.exe
        17⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085347.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7085347.exe
        15⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084738.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084738.exe
        12⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084816.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084816.exe
        13⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084894.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084894.exe
        13⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084442.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7084442.exe
        10⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083927.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7083927.exe
        7⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\tmp7193502.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7193502.exe
        5⤵
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\tmp7083116.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7083116.exe
      4⤵
      PID:1976

C:\Windows\SysWOW64\notpad.exe
"C:\Windows\system32\notpad.exe"
1⤵
PID:2008
- C:\Users\Admin\AppData\Local\Temp\tmp7099043.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7099043.exe
  2⤵
  PID:980
- C:\Users\Admin\AppData\Local\Temp\tmp7099075.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7099075.exe
  2⤵
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\tmp7099215.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7099215.exe
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\tmp7099340.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7099340.exe
    3⤵
    PID:948
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\tmp7103895.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103895.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\tmp7104020.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104020.exe
        5⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\tmp7104067.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104067.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\tmp7104254.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104254.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104472.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104472.exe
        7⤵
        
        PID:744
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104893.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104893.exe
        9⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105361.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105361.exe
        9⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105689.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105689.exe
        10⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106843.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106843.exe
        12⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        13⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107608.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107608.exe
        14⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109137.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109137.exe
        14⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109527.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109527.exe
        15⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145485.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145485.exe
        15⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\tmp7149432.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7149432.exe
        16⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        17⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\tmp7164704.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7164704.exe
        18⤵
        
        PID:644
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        19⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tmp7178932.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7178932.exe
        20⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189555.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189555.exe
        20⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\tmp7199009.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7199009.exe
        21⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\tmp7200257.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7200257.exe
        21⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\tmp7220272.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7220272.exe
        22⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7218291.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7218291.exe
        22⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        23⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\tmp7176123.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7176123.exe
        18⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189602.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189602.exe
        19⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        20⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\tmp7194968.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7194968.exe
        21⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198712.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198712.exe
        22⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        23⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\tmp7203112.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7203112.exe
        24⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\tmp7201661.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7201661.exe
        22⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\tmp7219149.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7219149.exe
        23⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\tmp7224234.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7224234.exe
        23⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\tmp7190834.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7190834.exe
        19⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tmp7199789.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7199789.exe
        20⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\tmp7153394.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7153394.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107015.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107015.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107467.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107467.exe
        13⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109948.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109948.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148605.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148605.exe
        14⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7149338.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7149338.exe
        14⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106282.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106282.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106485.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106485.exe
        11⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106547.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106547.exe
        11⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104581.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104581.exe
        7⤵
        
        PID:1920

C:\Users\Admin\AppData\Local\Temp\tmp7099106.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099106.exe
1⤵
PID:1704
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  PID:824
- - C:\Users\Admin\AppData\Local\Temp\tmp7099324.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7099324.exe
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\tmp7099402.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7099402.exe
    3⤵
    PID:1012
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\tmp7103786.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103786.exe
        5⤵
        
        PID:1040
      - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101633.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101633.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104113.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104113.exe
        7⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104706.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104706.exe
        9⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        10⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105096.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105096.exe
        11⤵
        
        PID:680
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105611.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105611.exe
        13⤵
        
        PID:948
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        14⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106656.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106656.exe
        15⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106750.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106750.exe
        15⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107187.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107187.exe
        16⤵
        
        PID:908
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        17⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144642.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144642.exe
        18⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145251.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145251.exe
        18⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148215.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148215.exe
        19⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\tmp7149151.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7149151.exe
        19⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\tmp7151475.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7151475.exe
        20⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        21⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\tmp7176591.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7176591.exe
        22⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7178167.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7178167.exe
        22⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\tmp7193440.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7193440.exe
        23⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198229.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198229.exe
        24⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\tmp7220397.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7220397.exe
        24⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189571.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189571.exe
        23⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\tmp7164314.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7164314.exe
        20⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107561.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107561.exe
        16⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109261.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109261.exe
        17⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        18⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\tmp7146811.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7146811.exe
        19⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        20⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7150992.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7150992.exe
        21⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\tmp7176545.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7176545.exe
        21⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189649.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189649.exe
        22⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191271.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191271.exe
        22⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148933.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148933.exe
        19⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\tmp7152739.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7152739.exe
        20⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\tmp7162863.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7162863.exe
        20⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7178089.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7178089.exe
        21⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174189.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174189.exe
        21⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        22⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\tmp7190616.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7190616.exe
        23⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191365.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191365.exe
        23⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\tmp7197059.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7197059.exe
        24⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\tmp7200382.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7200382.exe
        24⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\tmp7218634.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7218634.exe
        25⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\tmp7223454.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7223454.exe
        25⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144736.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144736.exe
        17⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105705.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105705.exe
        13⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106344.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106344.exe
        14⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106500.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106500.exe
        14⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106703.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106703.exe
        15⤵
        
        PID:524
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        16⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106984.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106984.exe
        17⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107093.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107093.exe
        17⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107935.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107935.exe
        18⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109901.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7109901.exe
        18⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\tmp7110338.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7110338.exe
        19⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144970.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144970.exe
        19⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106734.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106734.exe
        15⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105299.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105299.exe
        11⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104800.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104800.exe
        9⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105034.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105034.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105190.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105190.exe
        10⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105627.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105627.exe
        11⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104301.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104301.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104597.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104597.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104847.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104847.exe
        8⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\tmp7104098.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104098.exe
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\tmp7104457.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104457.exe
        6⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\tmp7104925.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104925.exe
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105003.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105003.exe
        7⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105455.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105455.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106563.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106563.exe
        9⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106797.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106797.exe
        10⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107046.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107046.exe
        10⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107343.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107343.exe
        11⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107701.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107701.exe
        11⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105143.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105143.exe
        7⤵
        
        PID:1456

C:\Users\Admin\AppData\Local\Temp\tmp7099293.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099293.exe
1⤵
PID:1112
- C:\Users\Admin\AppData\Local\Temp\tmp7099465.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7099465.exe
  2⤵
  PID:1984
- C:\Users\Admin\AppData\Local\Temp\tmp7099589.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7099589.exe
  2⤵
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\tmp7099948.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7099948.exe
    3⤵
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\tmp7100588.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7100588.exe
    3⤵
    PID:368

C:\Users\Admin\AppData\Local\Temp\tmp7099574.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099574.exe
1⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\tmp7099683.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099683.exe
1⤵
PID:776
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\tmp7100135.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7100135.exe
    3⤵
    PID:1364

C:\Users\Admin\AppData\Local\Temp\tmp7099745.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099745.exe
1⤵
PID:888
- C:\Users\Admin\AppData\Local\Temp\tmp7099886.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7099886.exe
  2⤵
  PID:1464
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    PID:332
  - - C:\Users\Admin\AppData\Local\Temp\tmp7102897.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7102897.exe
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\tmp7102725.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7102725.exe
      4⤵
      PID:1480
- - C:\Users\Admin\AppData\Local\Temp\tmp7193377.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7193377.exe
    3⤵
    PID:1552
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\tmp7201536.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7201536.exe
        5⤵
        
        PID:576
- - C:\Users\Admin\AppData\Local\Temp\tmp7194110.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7194110.exe
    3⤵
    PID:1188
- C:\Users\Admin\AppData\Local\Temp\tmp7100494.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7100494.exe
  2⤵
  PID:1936

C:\Users\Admin\AppData\Local\Temp\tmp7099730.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099730.exe
1⤵
PID:924
- C:\Users\Admin\AppData\Local\Temp\tmp7103770.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7103770.exe
  2⤵
  PID:1036
- C:\Users\Admin\AppData\Local\Temp\tmp7103879.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7103879.exe
  2⤵
  PID:1500
- - C:\Users\Admin\AppData\Local\Temp\tmp7104035.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7104035.exe
    3⤵
    PID:1812
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\tmp7104503.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104503.exe
        5⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\tmp7104737.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104737.exe
        5⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\tmp7105018.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105018.exe
        6⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\tmp7105237.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105237.exe
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105424.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105424.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105658.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105658.exe
        7⤵
        
        PID:1076
- - C:\Users\Admin\AppData\Local\Temp\tmp7104051.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7104051.exe
    3⤵
    PID:1424

C:\Users\Admin\AppData\Local\Temp\tmp7099199.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099199.exe
1⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\tmp7099184.exe
C:\Users\Admin\AppData\Local\Temp\tmp7099184.exe
1⤵
PID:1604

C:\Windows\SysWOW64\notpad.exe
"C:\Windows\system32\notpad.exe"
1⤵
PID:980
- C:\Users\Admin\AppData\Local\Temp\tmp7103115.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7103115.exe
  2⤵
  PID:1868
- C:\Users\Admin\AppData\Local\Temp\tmp7103224.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7103224.exe
  2⤵
  PID:908

C:\Users\Admin\AppData\Local\Temp\tmp7103630.exe
C:\Users\Admin\AppData\Local\Temp\tmp7103630.exe
1⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\tmp7103599.exe
C:\Users\Admin\AppData\Local\Temp\tmp7103599.exe
1⤵
PID:776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp7076033.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7076033.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7076205.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7076735.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7076735.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7076860.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7077156.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7077156.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7077328.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7077718.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7077718.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7077921.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7078248.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7078248.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7078389.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7079231.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Windows\SysWOW64\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\Windows\SysWOW64\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\Windows\SysWOW64\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\Windows\SysWOW64\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\Windows\SysWOW64\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
447KB

MD5
28b913850cc3d87435f1c300cf553d4a

SHA1
a94a207fd60818fc5a84a12f5c82d6e00b210d76

SHA256
a9842aa0b87dac4fe845ee5791f5cc8d24a3a59d3dbe8870fd24272b4d1e01b8

SHA512
591e97583109681a2efbdf801d7e68f0f60d19f2976ac8bb101ae16958e14c703d553ee816258dc16eaa318293b47cab89df9d163ece9c09e5b04a3cfc092950

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
1.1MB

MD5
9953d72fc9cd58138f2d318d4ac9d8c5

SHA1
eb88a9ad20f9f20ebd72c234e2711c7900cfeb84

SHA256
14cf82d8d8f2c3f393b3c9b9a73a474eb97461850c754f2bb8e6b04edab884f3

SHA512
417ab6cfde7c9a657da8b299e54ee276f24637f92f663effcbcdfcb222f0f80a8da567150932df5612ffb676a7be6e6d1a268f91ab3e411c7f4e43cf05ba336b

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
1.1MB

MD5
9953d72fc9cd58138f2d318d4ac9d8c5

SHA1
eb88a9ad20f9f20ebd72c234e2711c7900cfeb84

SHA256
14cf82d8d8f2c3f393b3c9b9a73a474eb97461850c754f2bb8e6b04edab884f3

SHA512
417ab6cfde7c9a657da8b299e54ee276f24637f92f663effcbcdfcb222f0f80a8da567150932df5612ffb676a7be6e6d1a268f91ab3e411c7f4e43cf05ba336b

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7076033.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7076033.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7076205.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7076735.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7076735.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7076860.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7077156.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7077156.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7077328.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7077718.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7077718.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7077921.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7078248.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7078248.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7078389.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7079231.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7079231.exe

Filesize
447KB

MD5
58ae815d5b7ad4577317beffcae3d580

SHA1
fea4373e6988f5f4f09304550c2e3210dcd6b34c

SHA256
e4c13e304ed59bf52f1ec0dc2cad2f905d3f48ebad56bba4f28a58e51c90d631

SHA512
c86b724d3e237c361592f297085477fb89fa91f690b31d1bd7c20c6f474ba2e87085028fd81704c3139b16e876c615d71a96eb351e4352f7e504b2485829dc68

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
634KB

MD5
0edb792aed592ec4502735e4aa8a2e47

SHA1
b803843f531673d801c8c4ff92bb4eec0ccab004

SHA256
13b04d2ded7c56b0c7b7b6332e7aaa68f785ff79e516daeff7c23ec693f5fc69

SHA512
7d3609fb09328287c11492c81fc318ab9354d4e2f614e869ad2fa2c2def9d3f40b3e008343d2f7043712be039acabb9cb833c57c09fce5392b36720eff9e35bc

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
1.1MB

MD5
9953d72fc9cd58138f2d318d4ac9d8c5

SHA1
eb88a9ad20f9f20ebd72c234e2711c7900cfeb84

SHA256
14cf82d8d8f2c3f393b3c9b9a73a474eb97461850c754f2bb8e6b04edab884f3

SHA512
417ab6cfde7c9a657da8b299e54ee276f24637f92f663effcbcdfcb222f0f80a8da567150932df5612ffb676a7be6e6d1a268f91ab3e411c7f4e43cf05ba336b

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
1.1MB

MD5
9953d72fc9cd58138f2d318d4ac9d8c5

SHA1
eb88a9ad20f9f20ebd72c234e2711c7900cfeb84

SHA256
14cf82d8d8f2c3f393b3c9b9a73a474eb97461850c754f2bb8e6b04edab884f3

SHA512
417ab6cfde7c9a657da8b299e54ee276f24637f92f663effcbcdfcb222f0f80a8da567150932df5612ffb676a7be6e6d1a268f91ab3e411c7f4e43cf05ba336b

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
1.1MB

MD5
9953d72fc9cd58138f2d318d4ac9d8c5

SHA1
eb88a9ad20f9f20ebd72c234e2711c7900cfeb84

SHA256
14cf82d8d8f2c3f393b3c9b9a73a474eb97461850c754f2bb8e6b04edab884f3

SHA512
417ab6cfde7c9a657da8b299e54ee276f24637f92f663effcbcdfcb222f0f80a8da567150932df5612ffb676a7be6e6d1a268f91ab3e411c7f4e43cf05ba336b

Download Submit
memory/112-190-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/280-154-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/332-212-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/432-314-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/600-296-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/668-235-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/668-215-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/692-268-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/776-266-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/776-261-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/852-169-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/852-176-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/888-263-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/888-260-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/892-175-0x0000000001FC0000-0x0000000001FCD000-memory.dmp

Filesize
52KB

Download
memory/924-317-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1036-274-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1064-291-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1076-282-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1172-276-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1200-205-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1212-206-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1252-217-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1252-222-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1276-253-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1364-320-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1448-305-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1448-301-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1504-233-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1516-297-0x00000000003A0000-0x00000000003BF000-memory.dmp

Filesize
124KB

Download
memory/1516-298-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1536-209-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1552-271-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1600-163-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1600-287-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1652-307-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1660-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/1668-290-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1684-280-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1692-254-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1728-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1736-310-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1772-184-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1872-313-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1872-126-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1880-278-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1932-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1932-238-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1936-159-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1956-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-303-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1976-299-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1988-285-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1992-251-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1996-259-0x0000000000220000-0x000000000023F000-memory.dmp

Filesize
124KB

Download
memory/1996-257-0x0000000000220000-0x000000000023F000-memory.dmp

Filesize
124KB

Download
memory/1996-188-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1996-258-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2012-224-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2012-218-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2028-168-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2028-172-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2044-246-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download