a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

Analysis

max time kernel
97s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 12:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
Size

220KB
MD5

53b34b57f04928dcf4be9707294396ef
SHA1

43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c
SHA256

a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d
SHA512

d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67
SSDEEP

6144:XDePJlz721WrrM3gqq4JUdAod7LCQIVr7tfhvRgquF:Sx2ECg4JUKodcfhvRnuF

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1624	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1784	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1272	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2032	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1752	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
268	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
320	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
696	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1960	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1424	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1656	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1548	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1336	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1592	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1520	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1148	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
632	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2016	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
820	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
844	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1472	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1064	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1316	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1776	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1660	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
568	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1540	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1696	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
584	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
900	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
936	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1476	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1076	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2044	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1636	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1448	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2036	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1852	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
776	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1788	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
432	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
292	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1092	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1504	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1728	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b00000001232f-55.dat	upx
behavioral1/files/0x000b00000001232f-56.dat	upx
behavioral1/memory/2020-59-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/files/0x000b00000001232f-58.dat	upx
behavioral1/files/0x000b00000001232f-64.dat	upx
behavioral1/files/0x000b00000001232f-62.dat	upx
behavioral1/files/0x000b00000001232f-63.dat	upx
behavioral1/files/0x000b00000001232f-66.dat	upx
behavioral1/files/0x000b00000001232f-69.dat	upx
behavioral1/files/0x000b00000001232f-68.dat	upx
behavioral1/files/0x000b00000001232f-71.dat	upx
behavioral1/files/0x000b00000001232f-74.dat	upx
behavioral1/files/0x000b00000001232f-73.dat	upx
behavioral1/files/0x000b00000001232f-76.dat	upx
behavioral1/files/0x000b00000001232f-78.dat	upx
behavioral1/files/0x000b00000001232f-79.dat	upx
behavioral1/files/0x000b00000001232f-81.dat	upx
behavioral1/files/0x000b00000001232f-83.dat	upx
behavioral1/files/0x000b00000001232f-84.dat	upx
behavioral1/files/0x000b00000001232f-86.dat	upx
behavioral1/files/0x000b00000001232f-88.dat	upx
behavioral1/files/0x000b00000001232f-89.dat	upx
behavioral1/files/0x000b00000001232f-91.dat	upx
behavioral1/files/0x000b00000001232f-93.dat	upx
behavioral1/files/0x000b00000001232f-94.dat	upx
behavioral1/files/0x000b00000001232f-96.dat	upx
behavioral1/files/0x000b00000001232f-98.dat	upx
behavioral1/files/0x000b00000001232f-99.dat	upx
behavioral1/files/0x000b00000001232f-101.dat	upx
behavioral1/files/0x000b00000001232f-103.dat	upx
behavioral1/files/0x000b00000001232f-104.dat	upx
behavioral1/files/0x000b00000001232f-106.dat	upx
behavioral1/files/0x000b00000001232f-108.dat	upx
behavioral1/files/0x000b00000001232f-109.dat	upx
behavioral1/files/0x000b00000001232f-111.dat	upx
behavioral1/files/0x000b00000001232f-113.dat	upx
behavioral1/files/0x000b00000001232f-114.dat	upx
behavioral1/files/0x000b00000001232f-116.dat	upx
behavioral1/files/0x000b00000001232f-118.dat	upx
behavioral1/files/0x000b00000001232f-119.dat	upx
behavioral1/files/0x000b00000001232f-121.dat	upx
behavioral1/memory/832-123-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/2028-124-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/564-125-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/1452-126-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/files/0x000b00000001232f-129.dat	upx
behavioral1/files/0x000b00000001232f-128.dat	upx
behavioral1/memory/1908-127-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/1912-131-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/files/0x000b00000001232f-133.dat	upx
behavioral1/memory/1700-132-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/1488-136-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/files/0x000b00000001232f-140.dat	upx
behavioral1/files/0x000b00000001232f-139.dat	upx
behavioral1/memory/1052-142-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/files/0x000b00000001232f-143.dat	upx
behavioral1/memory/536-147-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/memory/1688-153-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/files/0x000b00000001232f-151.dat	upx
behavioral1/files/0x000b00000001232f-150.dat	upx
behavioral1/files/0x000b00000001232f-156.dat	upx
behavioral1/memory/392-158-0x0000000000400000-0x000000000049C000-memory.dmp	upx
behavioral1/files/0x000b00000001232f-161.dat	upx
behavioral1/files/0x000b00000001232f-163.dat	upx

Loads dropped DLL 64 IoCs

pid	Process
2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1624	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1624	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1784	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1784	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1272	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1272	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2032	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2032	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1752	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1752	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
268	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
268	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
320	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
320	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
696	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
696	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1960	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1960	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1424	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1424	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1656	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1656	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1548	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1548	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1336	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1336	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1592	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1592	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1520	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1520	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1148	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1148	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Drops file in System32 directory 64 IoCs

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1624	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1624	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1784	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1784	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1272	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1272	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2032	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
2032	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1752	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1752	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
268	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
268	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
320	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
320	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
696	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
696	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1960	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1960	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1424	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1424	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1656	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1656	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1548	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1548	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1336	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1336	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1592	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1592	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1520	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1520	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1148	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
1148	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 832	2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	28
PID 2020 wrote to memory of 832	2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	28
PID 2020 wrote to memory of 832	2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	28
PID 2020 wrote to memory of 832	2020	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	28
PID 832 wrote to memory of 2028	832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	29
PID 832 wrote to memory of 2028	832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	29
PID 832 wrote to memory of 2028	832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	29
PID 832 wrote to memory of 2028	832	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	29
PID 2028 wrote to memory of 564	2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	30
PID 2028 wrote to memory of 564	2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	30
PID 2028 wrote to memory of 564	2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	30
PID 2028 wrote to memory of 564	2028	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	30
PID 564 wrote to memory of 1452	564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	31
PID 564 wrote to memory of 1452	564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	31
PID 564 wrote to memory of 1452	564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	31
PID 564 wrote to memory of 1452	564	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	31
PID 1452 wrote to memory of 1908	1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	32
PID 1452 wrote to memory of 1908	1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	32
PID 1452 wrote to memory of 1908	1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	32
PID 1452 wrote to memory of 1908	1452	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	32
PID 1908 wrote to memory of 1912	1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	33
PID 1908 wrote to memory of 1912	1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	33
PID 1908 wrote to memory of 1912	1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	33
PID 1908 wrote to memory of 1912	1908	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	33
PID 1912 wrote to memory of 1700	1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	34
PID 1912 wrote to memory of 1700	1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	34
PID 1912 wrote to memory of 1700	1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	34
PID 1912 wrote to memory of 1700	1912	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	34
PID 1700 wrote to memory of 1488	1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	35
PID 1700 wrote to memory of 1488	1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	35
PID 1700 wrote to memory of 1488	1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	35
PID 1700 wrote to memory of 1488	1700	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	35
PID 1488 wrote to memory of 1052	1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	36
PID 1488 wrote to memory of 1052	1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	36
PID 1488 wrote to memory of 1052	1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	36
PID 1488 wrote to memory of 1052	1488	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	36
PID 1052 wrote to memory of 536	1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	37
PID 1052 wrote to memory of 536	1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	37
PID 1052 wrote to memory of 536	1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	37
PID 1052 wrote to memory of 536	1052	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	37
PID 536 wrote to memory of 1688	536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	38
PID 536 wrote to memory of 1688	536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	38
PID 536 wrote to memory of 1688	536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	38
PID 536 wrote to memory of 1688	536	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	38
PID 1688 wrote to memory of 392	1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	39
PID 1688 wrote to memory of 392	1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	39
PID 1688 wrote to memory of 392	1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	39
PID 1688 wrote to memory of 392	1688	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	39
PID 392 wrote to memory of 280	392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	40
PID 392 wrote to memory of 280	392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	40
PID 392 wrote to memory of 280	392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	40
PID 392 wrote to memory of 280	392	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	40
PID 280 wrote to memory of 1300	280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	41
PID 280 wrote to memory of 1300	280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	41
PID 280 wrote to memory of 1300	280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	41
PID 280 wrote to memory of 1300	280	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	41
PID 1300 wrote to memory of 1556	1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	42
PID 1300 wrote to memory of 1556	1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	42
PID 1300 wrote to memory of 1556	1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	42
PID 1300 wrote to memory of 1556	1300	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	42
PID 1556 wrote to memory of 1624	1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	43
PID 1556 wrote to memory of 1624	1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	43
PID 1556 wrote to memory of 1624	1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	43
PID 1556 wrote to memory of 1624	1556	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	43

C:\Users\Admin\AppData\Local\Temp\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
"C:\Users\Admin\AppData\Local\Temp\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
  C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:832
- - C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
    C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2028
  - - C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
      C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:564
    - - C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1452
      - C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1912
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1700
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1488
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1052
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:536
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:392
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:280
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1300
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1556
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        33⤵
        Executes dropped EXE
        
        PID:632
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2016
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        35⤵
        Executes dropped EXE
        
        PID:820
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        36⤵
        Executes dropped EXE
        
        PID:844
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        37⤵
        Executes dropped EXE
        
        PID:1472
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        38⤵
        Executes dropped EXE
        
        PID:1064
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        39⤵
        Executes dropped EXE
        
        PID:1316
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        40⤵
        Executes dropped EXE
        
        PID:1776
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        41⤵
        Executes dropped EXE
        
        PID:1660
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        42⤵
        Executes dropped EXE
        
        PID:568
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        43⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        44⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        45⤵
        Executes dropped EXE
        
        PID:1280
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        46⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        47⤵
        Executes dropped EXE
        
        PID:584
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        48⤵
        Executes dropped EXE
        
        PID:900
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:936
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        50⤵
        Executes dropped EXE
        
        PID:1476
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1076
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        52⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        53⤵
        Executes dropped EXE
        
        PID:1636
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        54⤵
        Executes dropped EXE
        
        PID:300
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        55⤵
        Executes dropped EXE
        
        PID:1448
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        56⤵
        Executes dropped EXE
        
        PID:2036
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        57⤵
        Executes dropped EXE
        
        PID:1852
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        58⤵
        Executes dropped EXE
        
        PID:1020
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        59⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        60⤵
        Executes dropped EXE
        
        PID:1788
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        61⤵
        Executes dropped EXE
        
        PID:432
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        62⤵
        Executes dropped EXE
        
        PID:292
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1092
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        64⤵
        Executes dropped EXE
        
        PID:1504
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        65⤵
        Executes dropped EXE
        
        PID:1728
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        66⤵
        
        PID:992
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        67⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        68⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        69⤵
        
        PID:968
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        70⤵
        
        PID:916
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        71⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        72⤵
        Drops file in System32 directory
        
        PID:964
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        73⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        74⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        75⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        76⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        77⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        78⤵
        
        PID:664
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        79⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        80⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        81⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        82⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        83⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        84⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        85⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        86⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        87⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        88⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        89⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        90⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        91⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        92⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        93⤵
        Drops file in System32 directory
        
        PID:2216
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        94⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        95⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        96⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        97⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        98⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        99⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        100⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        101⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        102⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        103⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        104⤵
        Drops file in System32 directory
        
        PID:2348
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        105⤵
        Drops file in System32 directory
        
        PID:2360
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        106⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        107⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        108⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        109⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        110⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        111⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        112⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        113⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        114⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        115⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        116⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        117⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        118⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        119⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        120⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        121⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        122⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        123⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        124⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        125⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        126⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        127⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        128⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        129⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        130⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        131⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        132⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        133⤵
        Drops file in System32 directory
        
        PID:2696
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        134⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        135⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        136⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        137⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        138⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        139⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        140⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        141⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        142⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        143⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        144⤵
        Drops file in System32 directory
        
        PID:2828
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        145⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        146⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        147⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        148⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        149⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        150⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        151⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        152⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        153⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        154⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        155⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        156⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        157⤵
        Drops file in System32 directory
        
        PID:2984
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        158⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        159⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        160⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        161⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        162⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        163⤵
        Drops file in System32 directory
        
        PID:3056
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        164⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        165⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        166⤵
        Drops file in System32 directory
        
        PID:2116
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        167⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        168⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        169⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        170⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        171⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        172⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        173⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        174⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        175⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        176⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        177⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        178⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        179⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        180⤵
        Drops file in System32 directory
        
        PID:2620
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        181⤵
        Drops file in System32 directory
        
        PID:2656
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        182⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        183⤵
        Drops file in System32 directory
        
        PID:2728
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        184⤵
        Drops file in System32 directory
        
        PID:2764
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        185⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        186⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        187⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        188⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        189⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        190⤵
        Drops file in System32 directory
        
        PID:2980
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        191⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        192⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        193⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        194⤵
        Drops file in System32 directory
        
        PID:2212
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        195⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        196⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        197⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        198⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        199⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        200⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        201⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        202⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        203⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        204⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        205⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        206⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        207⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        208⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        209⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        210⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        211⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        212⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        213⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        214⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        215⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        216⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        217⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        218⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        219⤵
        Drops file in System32 directory
        
        PID:3216
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        220⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        221⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        222⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        223⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        224⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        225⤵
        Drops file in System32 directory
        
        PID:3288
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        226⤵
        Drops file in System32 directory
        
        PID:3300
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        227⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        228⤵
        Drops file in System32 directory
        
        PID:3324
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        229⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        230⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        231⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        232⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        233⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        234⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        235⤵
        Drops file in System32 directory
        
        PID:3408
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        236⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        237⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        238⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        239⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        240⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        241⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        242⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        243⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        244⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        245⤵
        Drops file in System32 directory
        
        PID:3528
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        246⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        247⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        248⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        249⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        250⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        251⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        252⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        253⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        254⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        255⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        256⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        257⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        258⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        259⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        260⤵
        Drops file in System32 directory
        
        PID:3708
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        261⤵
        Drops file in System32 directory
        
        PID:3720
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        262⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        263⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        264⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        265⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        266⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        267⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        268⤵
        Drops file in System32 directory
        
        PID:3804
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        269⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        270⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        271⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        272⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        273⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        274⤵
        Drops file in System32 directory
        
        PID:3876
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        275⤵
        Drops file in System32 directory
        
        PID:3888
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        276⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        277⤵
        Drops file in System32 directory
        
        PID:3912
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        278⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        279⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        280⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        281⤵
        Drops file in System32 directory
        
        PID:3960
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        282⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        283⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        284⤵
        Drops file in System32 directory
        
        PID:3996
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        285⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        286⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        287⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        288⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        289⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        290⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        291⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        292⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        293⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        294⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        295⤵
        Drops file in System32 directory
        
        PID:3176
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        296⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        297⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        298⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        299⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        300⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        301⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        302⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        303⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        304⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        305⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        306⤵
        Drops file in System32 directory
        
        PID:3572
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        307⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        308⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        309⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        310⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        311⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        312⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        313⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        314⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        315⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        316⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        317⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        318⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        319⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        320⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        321⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        322⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        323⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        324⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        325⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        326⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        327⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        328⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        329⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        330⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        331⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        332⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        333⤵
        Drops file in System32 directory
        
        PID:3920
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        334⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        335⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        336⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        337⤵
        Drops file in System32 directory
        
        PID:4144
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        338⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        339⤵
        Drops file in System32 directory
        
        PID:4172
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        340⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        341⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        342⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        343⤵
        Drops file in System32 directory
        
        PID:4244
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        344⤵
        Drops file in System32 directory
        
        PID:4264
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        345⤵
        Drops file in System32 directory
        
        PID:4276
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        346⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        347⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        348⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        349⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        350⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        351⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        352⤵
        Drops file in System32 directory
        
        PID:4360
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        353⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        354⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        355⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        356⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        357⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        358⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        359⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        360⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        361⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        362⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        363⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        364⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        365⤵
        Drops file in System32 directory
        
        PID:4528
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        366⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        367⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        368⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        369⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        370⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        371⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        372⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        373⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        374⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        375⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        376⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        377⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        378⤵
        Drops file in System32 directory
        
        PID:4732
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        379⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        380⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        381⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        382⤵
        Drops file in System32 directory
        
        PID:4800
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        383⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        384⤵
        Drops file in System32 directory
        
        PID:4828
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        385⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        386⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        387⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        388⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        389⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        390⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        391⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        392⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        393⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        394⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        395⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        396⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        397⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        398⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        399⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        400⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        401⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        402⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        403⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        404⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        405⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        406⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        407⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        408⤵
        
        PID:364
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        409⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        410⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        411⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        412⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        413⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        414⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        415⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        416⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        417⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        418⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        419⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        420⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        421⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        422⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        423⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        424⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        425⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        426⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        427⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        428⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        429⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        430⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        431⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        432⤵
        
        PID:696
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        433⤵
        
        PID:320
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        434⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        435⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        436⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        437⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        438⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        439⤵
        
        PID:308
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        440⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        441⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        442⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        443⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        444⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        445⤵
        Drops file in System32 directory
        
        PID:4396
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        446⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        447⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        448⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        449⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        450⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        451⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        452⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        453⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        454⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        455⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        456⤵
        
        PID:944
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        457⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        458⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        459⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        460⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        461⤵
        Drops file in System32 directory
        
        PID:1388
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        462⤵
        
        PID:992
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        463⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        464⤵
        Drops file in System32 directory
        
        PID:676
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        465⤵
        
        PID:436
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        466⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        467⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        468⤵
        
        PID:916
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        469⤵
        Drops file in System32 directory
        
        PID:964
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        470⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        471⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        472⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        473⤵
        
        PID:756
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        474⤵
        
        PID:516
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        475⤵
        Drops file in System32 directory
        
        PID:664
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        476⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        477⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        478⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        479⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        480⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        481⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        482⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        483⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        484⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        485⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        486⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        487⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        488⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        489⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        490⤵
        
        PID:680
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        491⤵
        
        PID:960
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        492⤵
        
        PID:844
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        493⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        494⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        495⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        496⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        497⤵
        Drops file in System32 directory
        
        PID:4916
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        498⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        499⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        500⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        501⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        502⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        503⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        504⤵
        Drops file in System32 directory
        
        PID:2472
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        505⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        506⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        507⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        508⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        509⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        510⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        511⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        512⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        513⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        514⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        515⤵
        Drops file in System32 directory
        
        PID:2204
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        516⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        517⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        518⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        519⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        520⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        521⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        522⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        523⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        524⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        525⤵
        Drops file in System32 directory
        
        PID:2700
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        526⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        527⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        528⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        529⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        530⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        531⤵
        Drops file in System32 directory
        
        PID:2340
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        532⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        533⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        534⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        535⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        536⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        537⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        538⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        539⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        540⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        541⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        542⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        543⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        544⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        545⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        546⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        547⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        548⤵
        
        PID:584
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        549⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        550⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        551⤵
        Drops file in System32 directory
        
        PID:2844
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        552⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        553⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        554⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        555⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        556⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        557⤵
        
        PID:884
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        558⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        559⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        560⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        561⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        562⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        563⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        564⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        565⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        566⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        567⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        568⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        569⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        570⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        571⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        572⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        573⤵
        
        PID:652
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        574⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        575⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        576⤵
        Drops file in System32 directory
        
        PID:2512
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        577⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        578⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        579⤵
        Drops file in System32 directory
        
        PID:2344
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        580⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        581⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        582⤵
        Drops file in System32 directory
        
        PID:2632
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        583⤵
        Drops file in System32 directory
        
        PID:2980
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        584⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        585⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        586⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        587⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        588⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        589⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        590⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        591⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        592⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        593⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        594⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        595⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        596⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        597⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        598⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        599⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        600⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        601⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        602⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        603⤵
        
        PID:968
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        604⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        605⤵
        
        PID:316
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        606⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        607⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        608⤵
        Drops file in System32 directory
        
        PID:3232
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        609⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        610⤵
        Drops file in System32 directory
        
        PID:296
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        611⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        612⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        613⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        614⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        615⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        616⤵
        
        PID:632
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        617⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        618⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        619⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        620⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        621⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        622⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        623⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        624⤵
        Drops file in System32 directory
        
        PID:3504
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        625⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        626⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        627⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        628⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        629⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        630⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        631⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        632⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        633⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        634⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        635⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        636⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        
        C:\Windows\system32\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
        637⤵
        
        PID:3616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe

Filesize
220KB

MD5
53b34b57f04928dcf4be9707294396ef

SHA1
43ddb7604ee22f7f5f0a51ff109dd84ee4591b5c

SHA256
a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d

SHA512
d6beb3dd217b2702e458d49094615df29ac8eafde23306284bf1faca98917a0c889ac9ce314e88d6cc39e021f826f62a9abeaace7335bf5879dd8000c8b11b67

Download Submit
memory/268-240-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/268-241-0x0000000001ED0000-0x0000000001F6C000-memory.dmp

Filesize
624KB

Download
memory/268-242-0x0000000001ED0000-0x0000000001F6C000-memory.dmp

Filesize
624KB

Download
memory/280-165-0x0000000002C00000-0x0000000002C9C000-memory.dmp

Filesize
624KB

Download
memory/280-162-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/280-217-0x0000000002C00000-0x0000000002C9C000-memory.dmp

Filesize
624KB

Download
memory/320-246-0x0000000002BE0000-0x0000000002C7C000-memory.dmp

Filesize
624KB

Download
memory/320-245-0x0000000002BE0000-0x0000000002C7C000-memory.dmp

Filesize
624KB

Download
memory/320-243-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/392-158-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/392-160-0x0000000001EE0000-0x0000000001F7C000-memory.dmp

Filesize
624KB

Download
memory/392-159-0x0000000001EE0000-0x0000000001F7C000-memory.dmp

Filesize
624KB

Download
memory/536-148-0x0000000002C50000-0x0000000002CEC000-memory.dmp

Filesize
624KB

Download
memory/536-149-0x0000000002C50000-0x0000000002CEC000-memory.dmp

Filesize
624KB

Download
memory/536-147-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/564-125-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/696-247-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/696-250-0x0000000001FF0000-0x000000000208C000-memory.dmp

Filesize
624KB

Download
memory/696-249-0x0000000001FF0000-0x000000000208C000-memory.dmp

Filesize
624KB

Download
memory/832-123-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1052-146-0x0000000001EF0000-0x0000000001F8C000-memory.dmp

Filesize
624KB

Download
memory/1052-142-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1052-145-0x0000000001EF0000-0x0000000001F8C000-memory.dmp

Filesize
624KB

Download
memory/1272-228-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1272-231-0x00000000004A0000-0x000000000053C000-memory.dmp

Filesize
624KB

Download
memory/1272-230-0x00000000004A0000-0x000000000053C000-memory.dmp

Filesize
624KB

Download
memory/1300-219-0x0000000002BF0000-0x0000000002C8C000-memory.dmp

Filesize
624KB

Download
memory/1300-168-0x0000000002BF0000-0x0000000002C8C000-memory.dmp

Filesize
624KB

Download
memory/1300-218-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1424-257-0x0000000002000000-0x000000000209C000-memory.dmp

Filesize
624KB

Download
memory/1424-258-0x0000000002000000-0x000000000209C000-memory.dmp

Filesize
624KB

Download
memory/1424-256-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1452-126-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1488-138-0x0000000001F30000-0x0000000001FCC000-memory.dmp

Filesize
624KB

Download
memory/1488-137-0x0000000001F30000-0x0000000001FCC000-memory.dmp

Filesize
624KB

Download
memory/1488-136-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1556-169-0x0000000001E40000-0x0000000001EDC000-memory.dmp

Filesize
624KB

Download
memory/1556-220-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1556-221-0x0000000001E40000-0x0000000001EDC000-memory.dmp

Filesize
624KB

Download
memory/1624-223-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1624-225-0x0000000001FF0000-0x000000000208C000-memory.dmp

Filesize
624KB

Download
memory/1624-173-0x0000000001FF0000-0x000000000208C000-memory.dmp

Filesize
624KB

Download
memory/1656-260-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1656-261-0x0000000002BB0000-0x0000000002C4C000-memory.dmp

Filesize
624KB

Download
memory/1688-154-0x0000000002C10000-0x0000000002CAC000-memory.dmp

Filesize
624KB

Download
memory/1688-155-0x0000000002C10000-0x0000000002CAC000-memory.dmp

Filesize
624KB

Download
memory/1688-153-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1700-135-0x0000000001DE0000-0x0000000001E7C000-memory.dmp

Filesize
624KB

Download
memory/1700-132-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1752-237-0x0000000002000000-0x000000000209C000-memory.dmp

Filesize
624KB

Download
memory/1752-235-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1752-238-0x0000000002000000-0x000000000209C000-memory.dmp

Filesize
624KB

Download
memory/1784-227-0x0000000002010000-0x00000000020AC000-memory.dmp

Filesize
624KB

Download
memory/1784-226-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1908-127-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1912-131-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1960-254-0x0000000002BF0000-0x0000000002C8C000-memory.dmp

Filesize
624KB

Download
memory/1960-252-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1960-255-0x0000000002BF0000-0x0000000002C8C000-memory.dmp

Filesize
624KB

Download
memory/2020-59-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2020-61-0x0000000002CA0000-0x0000000002D3C000-memory.dmp

Filesize
624KB

Download
memory/2020-54-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download
memory/2028-124-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2032-233-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2032-234-0x0000000001FC0000-0x000000000205C000-memory.dmp

Filesize
624KB

Download

description	ioc	Process
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe
File created	C:\Windows\SysWOW64\a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe	a4ff138f135718ddd85efc2e2b806f11770fd8e7274b2cd09929c7762423ae8d.exe