c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98

Analysis

max time kernel
150s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe
Size

1.2MB
MD5

b2090b4b26b67bf2c63fdc22d67ae176
SHA1

454f1f13b9c7d9858d80e45ddead409000c6f831
SHA256

c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98
SHA512

7141764d6649f435a3cb6a2fe0888faad2184a8fc298ef051b633875bdeca48c3026ee2aba149baed00da7083f7b3b28619544ed1fcab507495043e39bb44344
SSDEEP

12288:HPFdPZdPNPFdPZdPqPFdPZdPrPFdPZdPiPFdPZdPFPFdPZdPzSDyTFtj2SDyo1tj:aDyTFtjTDyo1tj

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1276	tmp7085986.exe
1932	notpad.exe
1244	tmp7086439.exe
1420	tmp7086485.exe
668	notpad.exe
1696	tmp7086751.exe
1624	tmp7086782.exe
1616	notpad.exe
1780	tmp7086953.exe
1072	tmp7087078.exe
1344	notpad.exe
1732	tmp7087219.exe
296	tmp7087281.exe
1648	notpad.exe
1460	tmp7087515.exe
1680	tmp7087562.exe
948	notpad.exe
984	tmp7087765.exe
620	tmp7087780.exe
532	notpad.exe
816	tmp7087952.exe
1180	tmp7087983.exe
960	notpad.exe
1152	tmp7088123.exe
472	tmp7088155.exe
1600	notpad.exe
1708	tmp7088389.exe
1632	tmp7088591.exe
524	notpad.exe
980	tmp7088779.exe
1696	tmp7088825.exe
1924	notpad.exe
864	tmp7089044.exe
1012	tmp7089169.exe
1780	notpad.exe
1072	tmp7089434.exe
2028	tmp7089465.exe
288	notpad.exe
296	tmp7089886.exe
2032	tmp7090807.exe
1204	notpad.exe
1720	tmp7091056.exe
1148	tmp7091087.exe
1900	notpad.exe
1628	tmp7091259.exe
1524	tmp7091321.exe
1536	notpad.exe
1464	tmp7091524.exe
948	tmp7091555.exe
1404	notpad.exe
1768	tmp7091680.exe
984	tmp7091727.exe
1188	notpad.exe
1056	tmp7091852.exe
324	tmp7091867.exe
1932	notpad.exe
472	tmp7092070.exe
1472	tmp7092117.exe
1092	notpad.exe
632	tmp7092335.exe
1312	tmp7092367.exe
1048	notpad.exe
524	tmp7092569.exe
772	tmp7092601.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1340-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014ab1-61.dat	upx
behavioral1/files/0x0007000000014ab1-62.dat	upx
behavioral1/files/0x0007000000014ab1-64.dat	upx
behavioral1/files/0x0007000000014ab1-65.dat	upx
behavioral1/files/0x0007000000014930-71.dat	upx
behavioral1/memory/1932-77-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014ab1-79.dat	upx
behavioral1/files/0x0007000000014ab1-80.dat	upx
behavioral1/files/0x0007000000014ab1-82.dat	upx
behavioral1/files/0x0007000000014930-89.dat	upx
behavioral1/files/0x0007000000014ab1-99.dat	upx
behavioral1/files/0x0007000000014ab1-96.dat	upx
behavioral1/memory/668-95-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014ab1-94.dat	upx
behavioral1/files/0x0007000000014ab1-112.dat	upx
behavioral1/files/0x0007000000014ab1-116.dat	upx
behavioral1/memory/1616-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1344-130-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014ab1-131.dat	upx
behavioral1/files/0x0007000000014ab1-135.dat	upx
behavioral1/files/0x0007000000014ab1-133.dat	upx
behavioral1/memory/1732-132-0x0000000002510000-0x000000000252F000-memory.dmp	upx
behavioral1/memory/1648-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014ab1-149.dat	upx
behavioral1/memory/948-157-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014ab1-152.dat	upx
behavioral1/files/0x0007000000014ab1-150.dat	upx
behavioral1/memory/532-163-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000014930-142.dat	upx
behavioral1/files/0x0007000000014930-125.dat	upx
behavioral1/files/0x0007000000014ab1-114.dat	upx
behavioral1/files/0x0007000000014930-106.dat	upx
behavioral1/memory/960-170-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1600-175-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/524-182-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1924-188-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1780-194-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/288-199-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1204-202-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1204-207-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1900-213-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1536-220-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1404-225-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1188-231-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1932-237-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1092-243-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1048-249-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1668-252-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/972-254-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1780-256-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1040-259-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1968-263-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/288-265-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/964-267-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1680-272-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1900-274-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/956-273-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1936-277-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/568-278-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/680-281-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1188-283-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/584-286-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1608-289-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Loads dropped DLL 64 IoCs

pid	Process
1340	c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe
1340	c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe
1276	tmp7085986.exe
1276	tmp7085986.exe
1932	notpad.exe
1932	notpad.exe
1932	notpad.exe
1244	tmp7086439.exe
1244	tmp7086439.exe
668	notpad.exe
668	notpad.exe
668	notpad.exe
1696	tmp7086751.exe
1696	tmp7086751.exe
1616	notpad.exe
1616	notpad.exe
1616	notpad.exe
1780	tmp7086953.exe
1780	tmp7086953.exe
1344	notpad.exe
1344	notpad.exe
1344	notpad.exe
1732	tmp7087219.exe
1732	tmp7087219.exe
1648	notpad.exe
1648	notpad.exe
1648	notpad.exe
1460	tmp7087515.exe
1460	tmp7087515.exe
948	notpad.exe
948	notpad.exe
948	notpad.exe
984	tmp7087765.exe
984	tmp7087765.exe
532	notpad.exe
532	notpad.exe
532	notpad.exe
816	tmp7087952.exe
816	tmp7087952.exe
960	notpad.exe
960	notpad.exe
960	notpad.exe
1152	tmp7088123.exe
1152	tmp7088123.exe
1600	notpad.exe
1600	notpad.exe
1600	notpad.exe
1708	tmp7088389.exe
1708	tmp7088389.exe
524	notpad.exe
524	notpad.exe
524	notpad.exe
980	tmp7088779.exe
980	tmp7088779.exe
1924	notpad.exe
1924	notpad.exe
1924	notpad.exe
864	tmp7089044.exe
864	tmp7089044.exe
1780	notpad.exe
1780	notpad.exe
1780	notpad.exe
1072	tmp7089434.exe
1072	tmp7089434.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\notpad.exe	tmp7089434.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7091524.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7085986.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7086439.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7087515.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7092335.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7087952.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7089434.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7091056.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7091524.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7092569.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7093022.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7088389.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7088779.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7091056.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7093022.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7093193.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7087219.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7091056.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7091259.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7091852.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7092335.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7092569.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7092710.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7093537.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7086751.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7087952.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7089044.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7088389.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7089886.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7091852.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7088389.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7087515.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7088779.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7092335.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7092569.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7093271.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7086953.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7086953.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7087219.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7093271.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7092710.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7093193.exe
File created	C:\Windows\SysWOW64\fsb.tmp	tmp7085986.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7086953.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7088123.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7089044.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7092070.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7092070.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7093100.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7093100.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7085986.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7085986.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7088123.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7089044.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7091680.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7091680.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7092070.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7092710.exe
File created	C:\Windows\SysWOW64\notpad.exe-	tmp7093193.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7093537.exe
File opened for modification	C:\Windows\SysWOW64\fsb.tmp	tmp7087952.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7088779.exe
File created	C:\Windows\SysWOW64\notpad.exe	tmp7089886.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 28 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7091259.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7093022.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7089044.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7087219.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7088779.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7089434.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7091680.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7086751.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7087515.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7092335.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7093193.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7093271.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7086953.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7092070.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7087952.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7088123.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7091524.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7086439.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7087765.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7088389.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7091056.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7092569.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7093100.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7091852.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7089886.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7092710.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7093537.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "%SystemRoot%\\system32\\NOTPAD.EXE %1"	tmp7085986.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 1276	1340	c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe	27
PID 1340 wrote to memory of 1276	1340	c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe	27
PID 1340 wrote to memory of 1276	1340	c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe	27
PID 1340 wrote to memory of 1276	1340	c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe	27
PID 1276 wrote to memory of 1932	1276	tmp7085986.exe	28
PID 1276 wrote to memory of 1932	1276	tmp7085986.exe	28
PID 1276 wrote to memory of 1932	1276	tmp7085986.exe	28
PID 1276 wrote to memory of 1932	1276	tmp7085986.exe	28
PID 1932 wrote to memory of 1244	1932	notpad.exe	29
PID 1932 wrote to memory of 1244	1932	notpad.exe	29
PID 1932 wrote to memory of 1244	1932	notpad.exe	29
PID 1932 wrote to memory of 1244	1932	notpad.exe	29
PID 1932 wrote to memory of 1420	1932	notpad.exe	30
PID 1932 wrote to memory of 1420	1932	notpad.exe	30
PID 1932 wrote to memory of 1420	1932	notpad.exe	30
PID 1932 wrote to memory of 1420	1932	notpad.exe	30
PID 1244 wrote to memory of 668	1244	tmp7086439.exe	31
PID 1244 wrote to memory of 668	1244	tmp7086439.exe	31
PID 1244 wrote to memory of 668	1244	tmp7086439.exe	31
PID 1244 wrote to memory of 668	1244	tmp7086439.exe	31
PID 668 wrote to memory of 1696	668	notpad.exe	32
PID 668 wrote to memory of 1696	668	notpad.exe	32
PID 668 wrote to memory of 1696	668	notpad.exe	32
PID 668 wrote to memory of 1696	668	notpad.exe	32
PID 668 wrote to memory of 1624	668	notpad.exe	33
PID 668 wrote to memory of 1624	668	notpad.exe	33
PID 668 wrote to memory of 1624	668	notpad.exe	33
PID 668 wrote to memory of 1624	668	notpad.exe	33
PID 1696 wrote to memory of 1616	1696	tmp7086751.exe	34
PID 1696 wrote to memory of 1616	1696	tmp7086751.exe	34
PID 1696 wrote to memory of 1616	1696	tmp7086751.exe	34
PID 1696 wrote to memory of 1616	1696	tmp7086751.exe	34
PID 1616 wrote to memory of 1780	1616	notpad.exe	35
PID 1616 wrote to memory of 1780	1616	notpad.exe	35
PID 1616 wrote to memory of 1780	1616	notpad.exe	35
PID 1616 wrote to memory of 1780	1616	notpad.exe	35
PID 1616 wrote to memory of 1072	1616	notpad.exe	36
PID 1616 wrote to memory of 1072	1616	notpad.exe	36
PID 1616 wrote to memory of 1072	1616	notpad.exe	36
PID 1616 wrote to memory of 1072	1616	notpad.exe	36
PID 1780 wrote to memory of 1344	1780	tmp7086953.exe	37
PID 1780 wrote to memory of 1344	1780	tmp7086953.exe	37
PID 1780 wrote to memory of 1344	1780	tmp7086953.exe	37
PID 1780 wrote to memory of 1344	1780	tmp7086953.exe	37
PID 1344 wrote to memory of 1732	1344	notpad.exe	50
PID 1344 wrote to memory of 1732	1344	notpad.exe	50
PID 1344 wrote to memory of 1732	1344	notpad.exe	50
PID 1344 wrote to memory of 1732	1344	notpad.exe	50
PID 1344 wrote to memory of 296	1344	notpad.exe	38
PID 1344 wrote to memory of 296	1344	notpad.exe	38
PID 1344 wrote to memory of 296	1344	notpad.exe	38
PID 1344 wrote to memory of 296	1344	notpad.exe	38
PID 1732 wrote to memory of 1648	1732	tmp7087219.exe	39
PID 1732 wrote to memory of 1648	1732	tmp7087219.exe	39
PID 1732 wrote to memory of 1648	1732	tmp7087219.exe	39
PID 1732 wrote to memory of 1648	1732	tmp7087219.exe	39
PID 1648 wrote to memory of 1460	1648	notpad.exe	40
PID 1648 wrote to memory of 1460	1648	notpad.exe	40
PID 1648 wrote to memory of 1460	1648	notpad.exe	40
PID 1648 wrote to memory of 1460	1648	notpad.exe	40
PID 1648 wrote to memory of 1680	1648	notpad.exe	41
PID 1648 wrote to memory of 1680	1648	notpad.exe	41
PID 1648 wrote to memory of 1680	1648	notpad.exe	41
PID 1648 wrote to memory of 1680	1648	notpad.exe	41

C:\Users\Admin\AppData\Local\Temp\c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe
"C:\Users\Admin\AppData\Local\Temp\c79694d1beb2096b5ecef44ff9f4213a0523dd060f8705b5ccfe9e9f40c9cd98.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\tmp7085986.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7085986.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\tmp7086439.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7086439.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1244
    - - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\tmp7086751.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086751.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1696
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086953.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086953.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1780
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087281.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087281.exe
        10⤵
        Executes dropped EXE
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087219.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087219.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087078.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7087078.exe
        8⤵
        Executes dropped EXE
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\tmp7086782.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7086782.exe
        6⤵
        Executes dropped EXE
        
        PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\tmp7086485.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7086485.exe
      4⤵
      Executes dropped EXE
      PID:1420

C:\Windows\SysWOW64\notpad.exe
"C:\Windows\system32\notpad.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Users\Admin\AppData\Local\Temp\tmp7087515.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7087515.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  PID:1460
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:948
- C:\Users\Admin\AppData\Local\Temp\tmp7087562.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7087562.exe
  2⤵
  - Executes dropped EXE
  PID:1680

C:\Users\Admin\AppData\Local\Temp\tmp7087780.exe
C:\Users\Admin\AppData\Local\Temp\tmp7087780.exe
1⤵
- Executes dropped EXE
PID:620

C:\Windows\SysWOW64\notpad.exe
"C:\Windows\system32\notpad.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:532
- C:\Users\Admin\AppData\Local\Temp\tmp7087952.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7087952.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  PID:816
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\tmp7088123.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7088123.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Modifies registry class
      PID:1152
    - - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\tmp7088389.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088389.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        
        PID:1708
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088779.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088779.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        
        PID:980
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089044.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089044.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        
        PID:864
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089434.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089434.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        
        PID:1072
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        13⤵
        Executes dropped EXE
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089886.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089886.exe
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:296
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        15⤵
        Executes dropped EXE
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091056.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091056.exe
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1720
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        17⤵
        Executes dropped EXE
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091259.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091259.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1628
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        19⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091524.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091524.exe
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1464
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        21⤵
        Executes dropped EXE
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091680.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091680.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1768
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        23⤵
        Executes dropped EXE
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091852.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091852.exe
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:1056
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        25⤵
        Executes dropped EXE
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092070.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092070.exe
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:472
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        27⤵
        Executes dropped EXE
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092335.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092335.exe
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:632
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        29⤵
        Executes dropped EXE
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092569.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092569.exe
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:524
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        31⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092710.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092710.exe
        32⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1924
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        33⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093022.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093022.exe
        34⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1684
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        35⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093193.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093193.exe
        36⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1812
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        37⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093459.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093459.exe
        38⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093537.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093537.exe
        39⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2020
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        40⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093880.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093880.exe
        41⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093615.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093615.exe
        39⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093240.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093240.exe
        36⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093318.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093318.exe
        37⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093334.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093334.exe
        37⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093053.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093053.exe
        34⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093100.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093100.exe
        35⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2028
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        36⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093271.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093271.exe
        37⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:296
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        38⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093521.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093521.exe
        39⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093552.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093552.exe
        39⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093802.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093802.exe
        40⤵
        
        PID:320
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        41⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094051.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094051.exe
        42⤵
        
        PID:324
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        43⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094285.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094285.exe
        44⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094379.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094379.exe
        44⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094488.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094488.exe
        45⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        46⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094847.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094847.exe
        47⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        48⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094972.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094972.exe
        49⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095003.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095003.exe
        49⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095175.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095175.exe
        50⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095237.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095237.exe
        50⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094878.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094878.exe
        47⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094956.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094956.exe
        48⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094987.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094987.exe
        48⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        47⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099293.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099293.exe
        48⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099589.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099589.exe
        48⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099808.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099808.exe
        49⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105049.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105049.exe
        50⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105081.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105081.exe
        50⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099823.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099823.exe
        49⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094582.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094582.exe
        45⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094161.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094161.exe
        42⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094207.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094207.exe
        43⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        44⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094441.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094441.exe
        45⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094504.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094504.exe
        45⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094597.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094597.exe
        46⤵
        
        PID:632
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        47⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094925.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094925.exe
        48⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        49⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095143.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095143.exe
        50⤵
        
        PID:368
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        51⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095331.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095331.exe
        52⤵
        
        PID:964
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        53⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095627.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095627.exe
        54⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        55⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095970.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095970.exe
        56⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        57⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096220.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096220.exe
        58⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        59⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096438.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096438.exe
        60⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096781.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096781.exe
        61⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098919.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7098919.exe
        61⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096407.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096407.exe
        60⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096251.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096251.exe
        58⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096391.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096391.exe
        59⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        60⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096610.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096610.exe
        61⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        62⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099153.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099153.exe
        63⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        64⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099870.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099870.exe
        65⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100026.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100026.exe
        65⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\tmp7166607.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7166607.exe
        66⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        67⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\tmp7172801.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7172801.exe
        68⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\tmp7188432.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7188432.exe
        68⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\tmp7196482.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7196482.exe
        69⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191053.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191053.exe
        69⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\tmp7167419.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7167419.exe
        66⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\tmp7169634.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7169634.exe
        67⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\tmp7173939.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7173939.exe
        67⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\tmp7222783.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7222783.exe
        68⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099574.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099574.exe
        63⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096625.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096625.exe
        61⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099090.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099090.exe
        62⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099012.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099012.exe
        62⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096454.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096454.exe
        59⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100978.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100978.exe
        57⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\tmp7127826.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7127826.exe
        58⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7127950.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7127950.exe
        58⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\tmp7129698.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7129698.exe
        59⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        60⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\tmp7137264.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7137264.exe
        61⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7140212.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7140212.exe
        61⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\tmp7143051.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7143051.exe
        62⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        63⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145516.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145516.exe
        64⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\tmp7146359.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7146359.exe
        64⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\tmp7147419.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7147419.exe
        65⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144767.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144767.exe
        62⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\tmp7161771.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7161771.exe
        61⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        62⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130743.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130743.exe
        59⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101009.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101009.exe
        57⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101321.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101321.exe
        58⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101212.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101212.exe
        58⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103957.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103957.exe
        59⤵
        
        PID:980
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        60⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104082.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104082.exe
        59⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104301.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104301.exe
        60⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        61⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104753.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104753.exe
        62⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        63⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105003.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105003.exe
        64⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        65⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105393.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105393.exe
        66⤵
        
        PID:296
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        67⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107187.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107187.exe
        68⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107639.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107639.exe
        69⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107935.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107935.exe
        69⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106110.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106110.exe
        66⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106750.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106750.exe
        67⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106641.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106641.exe
        67⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105127.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105127.exe
        64⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105486.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7105486.exe
        65⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\tmp7227588.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7227588.exe
        66⤵
        
        PID:896
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        67⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\tmp7236028.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7236028.exe
        68⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7227885.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7227885.exe
        66⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106469.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7106469.exe
        65⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099761.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099761.exe
        66⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\tmp7187948.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7187948.exe
        64⤵
        
        PID:748
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        65⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191724.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191724.exe
        66⤵
        
        PID:972
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        67⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7197542.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7197542.exe
        66⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\tmp7201146.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7201146.exe
        67⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\tmp7208790.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7208790.exe
        67⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120322.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120322.exe
        63⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120587.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120587.exe
        64⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120494.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120494.exe
        64⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120182.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120182.exe
        63⤵
        
        PID:944
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        64⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104784.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104784.exe
        62⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\tmp7118949.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7118949.exe
        62⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        63⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\tmp7119464.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7119464.exe
        62⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104394.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7104394.exe
        60⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095986.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095986.exe
        56⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103224.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103224.exe
        55⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        56⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103427.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103427.exe
        57⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        58⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103661.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103661.exe
        57⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103770.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103770.exe
        58⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103895.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103895.exe
        58⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103302.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103302.exe
        55⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103567.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103567.exe
        56⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095643.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095643.exe
        54⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095955.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095955.exe
        55⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096048.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096048.exe
        55⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095409.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095409.exe
        52⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095752.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095752.exe
        53⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        54⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107187.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107187.exe
        55⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107779.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107779.exe
        56⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100775.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100775.exe
        57⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107920.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107920.exe
        56⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095565.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095565.exe
        53⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100198.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100198.exe
        51⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100260.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100260.exe
        51⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095221.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095221.exe
        50⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095362.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095362.exe
        51⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095487.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095487.exe
        51⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\tmp7122568.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7122568.exe
        52⤵
        
        PID:904
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        53⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099683.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7099683.exe
        53⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\tmp7123676.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7123676.exe
        52⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\tmp7166249.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7166249.exe
        53⤵
        
        PID:360
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        49⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095034.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095034.exe
        48⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095159.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095159.exe
        49⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095237.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7095237.exe
        49⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102210.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102210.exe
        48⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        49⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102663.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102663.exe
        50⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102756.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102756.exe
        50⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102881.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102881.exe
        51⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        52⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103021.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7103021.exe
        51⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107109.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7107109.exe
        52⤵
        
        PID:604
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        53⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\tmp7115080.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7115080.exe
        54⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7115564.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7115564.exe
        55⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\tmp7118512.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7118512.exe
        55⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\tmp7114893.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7114893.exe
        54⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094629.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094629.exe
        46⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094254.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7094254.exe
        43⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093942.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093942.exe
        40⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093303.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093303.exe
        37⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093490.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093490.exe
        38⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093583.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093583.exe
        38⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093115.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7093115.exe
        35⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092757.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092757.exe
        32⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120275.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7120275.exe
        33⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\tmp7122147.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7122147.exe
        33⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\tmp7146780.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7146780.exe
        34⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\tmp7147997.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7147997.exe
        34⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092601.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092601.exe
        30⤵
        Executes dropped EXE
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092367.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092367.exe
        28⤵
        Executes dropped EXE
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092117.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7092117.exe
        26⤵
        Executes dropped EXE
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091867.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091867.exe
        24⤵
        Executes dropped EXE
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096157.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7096157.exe
        23⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091727.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091727.exe
        22⤵
        Executes dropped EXE
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091555.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091555.exe
        20⤵
        Executes dropped EXE
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091321.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091321.exe
        18⤵
        Executes dropped EXE
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091087.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7091087.exe
        16⤵
        Executes dropped EXE
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\tmp7090807.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7090807.exe
        14⤵
        Executes dropped EXE
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089465.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089465.exe
        12⤵
        Executes dropped EXE
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089169.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7089169.exe
        10⤵
        Executes dropped EXE
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088825.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088825.exe
        8⤵
        Executes dropped EXE
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\tmp7088591.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7088591.exe
        6⤵
        Executes dropped EXE
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\tmp7088155.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7088155.exe
      4⤵
      Executes dropped EXE
      PID:472
- C:\Users\Admin\AppData\Local\Temp\tmp7087983.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7087983.exe
  2⤵
  - Executes dropped EXE
  PID:1180

C:\Users\Admin\AppData\Local\Temp\tmp7087765.exe
C:\Users\Admin\AppData\Local\Temp\tmp7087765.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:984

C:\Users\Admin\AppData\Local\Temp\tmp7093349.exe
C:\Users\Admin\AppData\Local\Temp\tmp7093349.exe
1⤵
PID:1648
- C:\Users\Admin\AppData\Local\Temp\tmp7100104.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7100104.exe
  2⤵
  PID:1908
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\tmp7100525.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7100525.exe
      4⤵
      PID:984
    - - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        5⤵
        
        PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\tmp7100619.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7100619.exe
      4⤵
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\tmp7100962.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100962.exe
        5⤵
        
        PID:532
      - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        6⤵
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\tmp7101025.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7101025.exe
        5⤵
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\tmp7103443.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7103443.exe
      4⤵
      PID:960
- - C:\Users\Admin\AppData\Local\Temp\tmp7124472.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7124472.exe
    3⤵
    PID:1480
- - C:\Users\Admin\AppData\Local\Temp\tmp7125376.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7125376.exe
    3⤵
    PID:600
- C:\Users\Admin\AppData\Local\Temp\tmp7100135.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7100135.exe
  2⤵
  PID:1460
- - C:\Users\Admin\AppData\Local\Temp\tmp7100245.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7100245.exe
    3⤵
    PID:1528
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\tmp7100635.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100635.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\tmp7100650.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7100650.exe
        5⤵
        
        PID:1116
      - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\tmp7111040.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7111040.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130790.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130790.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\tmp7112335.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7112335.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\tmp7113052.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7113052.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\tmp7113863.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7113863.exe
        8⤵
        
        PID:832
- - C:\Users\Admin\AppData\Local\Temp\tmp7100338.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7100338.exe
    3⤵
    PID:1096
- - C:\Users\Admin\AppData\Local\Temp\tmp7124659.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7124659.exe
    3⤵
    PID:2020
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\tmp7126578.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7126578.exe
        5⤵
        
        PID:1952
      - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        6⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130306.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130306.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\tmp7136203.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7136203.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\tmp7132240.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7132240.exe
        8⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        9⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7143082.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7143082.exe
        10⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        11⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\tmp7128262.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7128262.exe
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\tmp7130883.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130883.exe
        6⤵
        
        PID:668
- - C:\Users\Admin\AppData\Local\Temp\tmp7125018.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7125018.exe
    3⤵
    PID:1020

C:\Users\Admin\AppData\Local\Temp\tmp7100744.exe
C:\Users\Admin\AppData\Local\Temp\tmp7100744.exe
1⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\tmp7101087.exe
C:\Users\Admin\AppData\Local\Temp\tmp7101087.exe
1⤵
PID:1608
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\tmp7101415.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7101415.exe
    3⤵
    PID:1632
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:1496
- - C:\Users\Admin\AppData\Local\Temp\tmp7101493.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7101493.exe
    3⤵
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\tmp7101883.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7101883.exe
      4⤵
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\tmp7101773.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7101773.exe
      4⤵
      PID:1344

C:\Users\Admin\AppData\Local\Temp\tmp7101430.exe
C:\Users\Admin\AppData\Local\Temp\tmp7101430.exe
1⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\tmp7101649.exe
C:\Users\Admin\AppData\Local\Temp\tmp7101649.exe
1⤵
PID:924
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\tmp7101898.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7101898.exe
    3⤵
    PID:632
  - - C:\Windows\SysWOW64\notpad.exe
      "C:\Windows\system32\notpad.exe"
      4⤵
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\tmp7102460.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102460.exe
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\tmp7102772.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7102772.exe
        6⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\tmp7146858.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7146858.exe
        5⤵
        
        PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\tmp7148246.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148246.exe
        5⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\tmp7151226.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7151226.exe
        6⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\tmp7154252.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7154252.exe
        8⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\tmp7157918.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7157918.exe
        10⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\tmp7161335.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7161335.exe
        12⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145032.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145032.exe
        13⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\tmp7163456.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7163456.exe
        12⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\tmp7166701.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7166701.exe
        13⤵
        
        PID:600
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\tmp7170897.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7170897.exe
        15⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174298.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174298.exe
        16⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7184142.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7184142.exe
        16⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\tmp7167403.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7167403.exe
        13⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198354.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198354.exe
        13⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198447.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198447.exe
        14⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\tmp7204672.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7204672.exe
        14⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198213.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198213.exe
        13⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        14⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\tmp7206528.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7206528.exe
        15⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        16⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\tmp7209102.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7209102.exe
        17⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7207963.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7207963.exe
        15⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\tmp7209742.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7209742.exe
        16⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        17⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7223829.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7223829.exe
        18⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\tmp7220802.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7220802.exe
        16⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\tmp7160087.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7160087.exe
        10⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\tmp7163784.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7163784.exe
        11⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7156155.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7156155.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\tmp7159010.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7159010.exe
        9⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\tmp7159993.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7159993.exe
        9⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\tmp7152911.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7152911.exe
        6⤵
        
        PID:1132
- - C:\Users\Admin\AppData\Local\Temp\tmp7101992.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7101992.exe
    3⤵
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\tmp7102444.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7102444.exe
      4⤵
      PID:784
  - - C:\Users\Admin\AppData\Local\Temp\tmp7102507.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7102507.exe
      4⤵
      PID:1284

C:\Users\Admin\AppData\Local\Temp\tmp7101664.exe
C:\Users\Admin\AppData\Local\Temp\tmp7101664.exe
1⤵
PID:1904
- C:\Users\Admin\AppData\Local\Temp\tmp7101929.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7101929.exe
  2⤵
  PID:864
- C:\Users\Admin\AppData\Local\Temp\tmp7102101.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7102101.exe
  2⤵
  PID:1656

C:\Users\Admin\AppData\Local\Temp\tmp7101555.exe
C:\Users\Admin\AppData\Local\Temp\tmp7101555.exe
1⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\tmp7102709.exe
C:\Users\Admin\AppData\Local\Temp\tmp7102709.exe
1⤵
PID:1672
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  PID:1368
- - C:\Users\Admin\AppData\Local\Temp\tmp7103037.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7103037.exe
    3⤵
    PID:604
- - C:\Users\Admin\AppData\Local\Temp\tmp7103084.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7103084.exe
    3⤵
    PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\tmp7103255.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7103255.exe
      4⤵
      PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\tmp7103365.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7103365.exe
      4⤵
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\tmp7125969.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7125969.exe
        5⤵
        
        PID:816
      - C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        6⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\tmp7153815.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7153815.exe
        6⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\tmp7150430.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7150430.exe
        6⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\tmp7126500.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7126500.exe
        5⤵
        
        PID:2044
- C:\Users\Admin\AppData\Local\Temp\tmp7106859.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7106859.exe
  2⤵
  PID:1368
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\tmp7110478.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7110478.exe
      4⤵
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\tmp7111757.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7111757.exe
        5⤵
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\tmp7111898.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7111898.exe
        5⤵
        
        PID:472
      - C:\Users\Admin\AppData\Local\Temp\tmp7130212.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7130212.exe
        6⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\tmp7132880.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7132880.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\tmp7140196.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7140196.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\tmp7142146.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7142146.exe
        9⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144206.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7144206.exe
        11⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        12⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145594.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7145594.exe
        11⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\tmp7147778.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7147778.exe
        12⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        13⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\tmp7152053.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7152053.exe
        14⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\tmp7154127.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7154127.exe
        14⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\tmp7155797.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7155797.exe
        15⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\tmp7156982.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7156982.exe
        15⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148730.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7148730.exe
        12⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\tmp7142287.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7142287.exe
        9⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\tmp7187902.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7187902.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\tmp7188479.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7188479.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\tmp7160617.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7160617.exe
        9⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\tmp7165874.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7165874.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\tmp7170851.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7170851.exe
        12⤵
        
        PID:524
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        13⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\tmp7184314.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7184314.exe
        14⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\tmp7190819.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7190819.exe
        14⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198900.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7198900.exe
        15⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        16⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\tmp7218790.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7218790.exe
        17⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\tmp7208775.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7208775.exe
        15⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\tmp7173674.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7173674.exe
        12⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\tmp7162645.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7162645.exe
        11⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\tmp7161506.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7161506.exe
        9⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\tmp7162692.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7162692.exe
        10⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        11⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\tmp7167075.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7167075.exe
        12⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174345.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174345.exe
        13⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\tmp7163472.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7163472.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\tmp7169961.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7169961.exe
        7⤵
        
        PID:296
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174283.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7174283.exe
        9⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\notpad.exe
        
        "C:\Windows\system32\notpad.exe"
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189056.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7189056.exe
        11⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191536.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7191536.exe
        12⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\tmp7183846.exe
        
        C:\Users\Admin\AppData\Local\Temp\tmp7183846.exe
        9⤵
        
        PID:112
  - - C:\Users\Admin\AppData\Local\Temp\tmp7109464.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7109464.exe
      4⤵
      PID:1712

C:\Users\Admin\AppData\Local\Temp\tmp7101196.exe
C:\Users\Admin\AppData\Local\Temp\tmp7101196.exe
1⤵
PID:360
- C:\Users\Admin\AppData\Local\Temp\tmp7147341.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7147341.exe
  2⤵
  PID:1572
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\tmp7148121.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7148121.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\tmp7148293.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7148293.exe
      4⤵
      PID:816

C:\Users\Admin\AppData\Local\Temp\tmp7103692.exe
C:\Users\Admin\AppData\Local\Temp\tmp7103692.exe
1⤵
PID:1472
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  PID:528

C:\Users\Admin\AppData\Local\Temp\tmp7103973.exe
C:\Users\Admin\AppData\Local\Temp\tmp7103973.exe
1⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\tmp7104191.exe
C:\Users\Admin\AppData\Local\Temp\tmp7104191.exe
1⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\tmp7104457.exe
C:\Users\Admin\AppData\Local\Temp\tmp7104457.exe
1⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\tmp7104769.exe
C:\Users\Admin\AppData\Local\Temp\tmp7104769.exe
1⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\tmp7104566.exe
C:\Users\Admin\AppData\Local\Temp\tmp7104566.exe
1⤵
PID:1728
- C:\Users\Admin\AppData\Local\Temp\tmp7104831.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7104831.exe
  2⤵
  PID:1320

C:\Users\Admin\AppData\Local\Temp\tmp7103864.exe
C:\Users\Admin\AppData\Local\Temp\tmp7103864.exe
1⤵
PID:1128

C:\Windows\SysWOW64\notpad.exe
"C:\Windows\system32\notpad.exe"
1⤵
PID:1636
- C:\Users\Admin\AppData\Local\Temp\tmp7116235.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7116235.exe
  2⤵
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\tmp7116438.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7116438.exe
    3⤵
    PID:1544
- - C:\Users\Admin\AppData\Local\Temp\tmp7116391.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7116391.exe
    3⤵
    PID:1496
- C:\Users\Admin\AppData\Local\Temp\tmp7115689.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7115689.exe
  2⤵
  PID:952
- - C:\Windows\SysWOW64\notpad.exe
    "C:\Windows\system32\notpad.exe"
    3⤵
    PID:1168
- C:\Users\Admin\AppData\Local\Temp\tmp7227619.exe
  C:\Users\Admin\AppData\Local\Temp\tmp7227619.exe
  2⤵
  PID:1680

C:\Users\Admin\AppData\Local\Temp\tmp7173721.exe
C:\Users\Admin\AppData\Local\Temp\tmp7173721.exe
1⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\tmp7190460.exe
C:\Users\Admin\AppData\Local\Temp\tmp7190460.exe
1⤵
PID:832
- C:\Windows\SysWOW64\notpad.exe
  "C:\Windows\system32\notpad.exe"
  2⤵
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\tmp7197527.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7197527.exe
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\tmp7198868.exe
    C:\Users\Admin\AppData\Local\Temp\tmp7198868.exe
    3⤵
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\tmp7207043.exe
      C:\Users\Admin\AppData\Local\Temp\tmp7207043.exe
      4⤵
      PID:1044

C:\Users\Admin\AppData\Local\Temp\tmp7228836.exe
C:\Users\Admin\AppData\Local\Temp\tmp7228836.exe
1⤵
PID:960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp7085986.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7085986.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086439.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086439.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086485.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086751.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086751.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086782.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086953.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7086953.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7087078.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7087219.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7087219.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7087281.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7087515.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7087515.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7087562.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
123KB

MD5
80dde3d324b6127cf7956804d4c88f6b

SHA1
708c136be7d876947f517ca84eef9607d5054e50

SHA256
90f5f93586efea8a89a3b1b9352d60991aea9a2563c9791eb1e14258d9fcf5d5

SHA512
33a398d8bdadaadf8da320605d0a23c351b5196c58395d329065e61a9bc276b454f9934873831419063b0192ff72dadea0556e3ec01857700a36f5155ff87d01

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Windows\SysWOW64\fsb.tmp

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
C:\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
C:\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
C:\fsb.stb

Filesize
10KB

MD5
280b12e4717c3a7cf2c39561b30bc9e6

SHA1
8bf777a28c25793357ce8305bf8b01987bc4d9f2

SHA256
f6ab4ba25b6075aa5a76d006c434e64cad37fdb2ff242c848c98fad5167a1bfc

SHA512
861560b01b9b02fcb80c4e233617d72684c7669e1bce3a234b0fafce733735619e6532fb065ed2d1a4c1249635dca7c75561daaaf92460fad3b8771bb20883b7

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7085986.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7085986.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086439.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086439.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086485.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086751.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086751.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086782.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086953.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7086953.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087078.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087219.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087219.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087281.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087515.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087515.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087562.exe

Filesize
175KB

MD5
d378bffb70923139d6a4f546864aa61c

SHA1
f00aa51c2ed8b2f656318fdc01ee1cf5441011a4

SHA256
c4232ddd4d37b9c0884bd44d8476578c54d7f98d58945728e425736a6a07e102

SHA512
7c09ec193d91d3cadb7e58c634b8666d8d6243b3ee7d4d4755eeb82bac62b9508e78aa3c53106bfe72d7a437f650b29a54116663e1b4da11613a30656cccc663

Download Submit
\Users\Admin\AppData\Local\Temp\tmp7087765.exe

Filesize
123KB

MD5
d58fe1e8fe18394e0995986429b2ca3b

SHA1
f73633b5b0b6c1224810f8472d16824cdeb132bc

SHA256
70fbc4f3e0a397e371637013d3ae26c3a7a806abc97d0ad4267d2d74400e8da4

SHA512
f2ae129f534bffa370e917c093b37ae993e1448e434dd283f09bbea896dab6c140bea37486a8cb93f3bf02eb1e987bfc9694fa52a85b5f74b07ada4b129d2634

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
\Windows\SysWOW64\notpad.exe

Filesize
309KB

MD5
ab781223d00dd2a2cc345f6246ee016d

SHA1
ac3818a007e78a85f63135699e6c5955fc617a19

SHA256
d71ba3a04124512578224d37e52b3c0adf66e8acb67bda8f41a9ceec212aa6df

SHA512
c7baacc06f54ffd9122155e6d0ebf463ef2976a9ef04c9522635ba7c836c6e20b0083d6c02c558f53d99c15ff485fa28dc17a466e6cb6385a6fbe77402478cb1

Download Submit
memory/288-320-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/288-199-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/288-265-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/524-182-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/532-163-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/568-278-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/584-286-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/668-95-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-281-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/784-313-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/812-293-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/812-297-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/864-303-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/948-157-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/956-273-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/960-170-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/960-333-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/964-267-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/972-254-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/972-305-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1012-306-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1040-259-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1048-249-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1092-243-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1096-323-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1100-328-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1188-231-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1188-283-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1204-202-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1204-207-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1212-324-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1276-59-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download
memory/1284-312-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1312-292-0x0000000000560000-0x000000000057F000-memory.dmp

Filesize
124KB

Download
memory/1316-338-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1316-339-0x0000000000220000-0x000000000023F000-memory.dmp

Filesize
124KB

Download
memory/1324-299-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1340-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1344-130-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1404-329-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1404-225-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1536-220-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1552-295-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1552-296-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1560-318-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1600-175-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1600-337-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1608-289-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1616-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1648-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1668-252-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1680-272-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1696-100-0x0000000000490000-0x000000000049D000-memory.dmp

Filesize
52KB

Download
memory/1732-132-0x0000000002510000-0x000000000252F000-memory.dmp

Filesize
124KB

Download
memory/1768-332-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1780-256-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1780-194-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1900-274-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1900-213-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1908-314-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1924-188-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1932-237-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1932-77-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1936-277-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1968-263-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download