neshta | a9f25d8e086b0a83ac4be5c2a404cff535e2ed8b723c9005b64b8f768941ccd6

Analysis

max time kernel
130s
max time network
54s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15-10-2023 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5c217dec6b5572652a097fdaa836700_exe32.exe
Size

127KB
MD5

b5c217dec6b5572652a097fdaa836700
SHA1

ac1aed1e8ce10b5cc407f213b612b3a575a48c5c
SHA256

a9f25d8e086b0a83ac4be5c2a404cff535e2ed8b723c9005b64b8f768941ccd6
SHA512

133d2e34b05051dd837f0bc4aae41604c2c6f0c6944c912e6533e9a4dea490716965ff24a3c9db2f830316634217e277ed8087c87168d583e212358babbb0953
SSDEEP

1536:JxqjQ+P04wsmJCEWN/do8pbaW2OWb2GqtE4OxqjQ+P04wsmJC:sr85CRN/do8pbld+ar85C

Score

10^/10

neshta persistence spyware stealer

Malware Config

Signatures

Detect Neshta payload 64 IoCs

resource	yara_rule
behavioral1/files/0x000a000000012268-2.dat	family_neshta
behavioral1/files/0x000a000000012268-4.dat	family_neshta
behavioral1/files/0x000a000000012268-6.dat	family_neshta
behavioral1/files/0x000a000000012268-8.dat	family_neshta
behavioral1/files/0x000a000000012268-10.dat	family_neshta
behavioral1/memory/2524-11-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-12.dat	family_neshta
behavioral1/files/0x0036000000016adf-13.dat	family_neshta
behavioral1/files/0x0036000000016adf-14.dat	family_neshta
behavioral1/files/0x000a000000012268-18.dat	family_neshta
behavioral1/files/0x000a000000012268-19.dat	family_neshta
behavioral1/files/0x000a000000012268-20.dat	family_neshta
behavioral1/files/0x000a000000012268-21.dat	family_neshta
behavioral1/memory/2636-26-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/2532-25-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-35.dat	family_neshta
behavioral1/files/0x000a000000012268-34.dat	family_neshta
behavioral1/files/0x000a000000012268-33.dat	family_neshta
behavioral1/files/0x0036000000016adf-24.dat	family_neshta
behavioral1/files/0x000a000000012268-36.dat	family_neshta
behavioral1/memory/2936-40-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-50.dat	family_neshta
behavioral1/files/0x000a000000012268-49.dat	family_neshta
behavioral1/files/0x000a000000012268-48.dat	family_neshta
behavioral1/memory/2308-41-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x0036000000016adf-37.dat	family_neshta
behavioral1/files/0x000a000000012268-51.dat	family_neshta
behavioral1/memory/1216-54-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/2960-55-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-65.dat	family_neshta
behavioral1/files/0x000a000000012268-64.dat	family_neshta
behavioral1/files/0x0036000000016adf-56.dat	family_neshta
behavioral1/files/0x000a000000012268-63.dat	family_neshta
behavioral1/files/0x000a000000012268-66.dat	family_neshta
behavioral1/files/0x000a000000012268-78.dat	family_neshta
behavioral1/files/0x000a000000012268-80.dat	family_neshta
behavioral1/files/0x000a000000012268-79.dat	family_neshta
behavioral1/memory/2908-71-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/1160-70-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x0036000000016adf-67.dat	family_neshta
behavioral1/files/0x000a000000012268-81.dat	family_neshta
behavioral1/memory/2748-85-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x0036000000016adf-86.dat	family_neshta
behavioral1/files/0x000a000000012268-95.dat	family_neshta
behavioral1/files/0x000a000000012268-94.dat	family_neshta
behavioral1/files/0x000a000000012268-93.dat	family_neshta
behavioral1/memory/772-84-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-96.dat	family_neshta
behavioral1/memory/2712-99-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-110.dat	family_neshta
behavioral1/files/0x000a000000012268-109.dat	family_neshta
behavioral1/files/0x0036000000016adf-101.dat	family_neshta
behavioral1/files/0x000a000000012268-108.dat	family_neshta
behavioral1/memory/1476-100-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/1588-114-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x0036000000016adf-116.dat	family_neshta
behavioral1/files/0x000a000000012268-124.dat	family_neshta
behavioral1/files/0x000a000000012268-125.dat	family_neshta
behavioral1/files/0x000a000000012268-123.dat	family_neshta
behavioral1/memory/1872-115-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-111.dat	family_neshta
behavioral1/files/0x000a000000012268-126.dat	family_neshta
behavioral1/memory/2704-130-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x000a000000012268-138.dat	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta

Executes dropped EXE 64 IoCs

pid	Process
2540	b5c217dec6b5572652a097fdaa836700_exe32.exe
2532	svchost.com
2636	B5C217~1.EXE
2308	svchost.com
2936	B5C217~1.EXE
2960	svchost.com
1216	B5C217~1.EXE
2908	svchost.com
1160	B5C217~1.EXE
2748	svchost.com
772	B5C217~1.EXE
1476	svchost.com
2712	B5C217~1.EXE
1872	svchost.com
1588	B5C217~1.EXE
1332	svchost.com
2704	B5C217~1.EXE
2472	svchost.com
2076	B5C217~1.EXE
1796	svchost.com
1760	B5C217~1.EXE
1128	svchost.com
2392	B5C217~1.EXE
1916	B5C217~1.EXE
1384	B5C217~1.EXE
804	svchost.com
1236	B5C217~1.EXE
1948	svchost.com
924	B5C217~1.EXE
1372	svchost.com
2024	B5C217~1.EXE
2204	B5C217~1.EXE
2152	B5C217~1.EXE
2192	svchost.com
296	B5C217~1.EXE
2408	svchost.com
1864	B5C217~1.EXE
2044	svchost.com
2004	B5C217~1.EXE
880	svchost.com
2008	svchost.com
1072	svchost.com
2856	B5C217~1.EXE
1584	B5C217~1.EXE
1896	B5C217~1.EXE
2576	svchost.com
2580	B5C217~1.EXE
2128	svchost.com
2532	B5C217~1.EXE
1692	svchost.com
3016	svchost.com
3028	svchost.com
3024	B5C217~1.EXE
2332	svchost.com
556	B5C217~1.EXE
1936	svchost.com
2868	B5C217~1.EXE
2892	svchost.com
752	B5C217~1.EXE
976	svchost.com
1480	svchost.com
1256	svchost.com
2900	B5C217~1.EXE
1744	B5C217~1.EXE

Loads dropped DLL 64 IoCs

pid	Process
2524	b5c217dec6b5572652a097fdaa836700_exe32.exe
2524	b5c217dec6b5572652a097fdaa836700_exe32.exe
2540	b5c217dec6b5572652a097fdaa836700_exe32.exe
2532	svchost.com
2532	svchost.com
2636	B5C217~1.EXE
2308	svchost.com
2308	svchost.com
2936	B5C217~1.EXE
2960	svchost.com
2960	svchost.com
1216	B5C217~1.EXE
2908	svchost.com
2908	svchost.com
1160	B5C217~1.EXE
2748	svchost.com
2748	svchost.com
772	B5C217~1.EXE
1476	svchost.com
1476	svchost.com
2712	B5C217~1.EXE
1872	svchost.com
1872	svchost.com
1588	B5C217~1.EXE
1332	svchost.com
1332	svchost.com
2704	B5C217~1.EXE
2472	svchost.com
2472	svchost.com
2076	B5C217~1.EXE
1796	svchost.com
1796	svchost.com
1760	B5C217~1.EXE
1128	svchost.com
1128	svchost.com
2392	B5C217~1.EXE
1916	B5C217~1.EXE
1916	B5C217~1.EXE
1384	B5C217~1.EXE
804	svchost.com
804	svchost.com
1236	B5C217~1.EXE
1948	svchost.com
1948	svchost.com
924	B5C217~1.EXE
1372	svchost.com
1372	svchost.com
2024	B5C217~1.EXE
2204	B5C217~1.EXE
2204	B5C217~1.EXE
2152	B5C217~1.EXE
2192	svchost.com
2192	svchost.com
296	B5C217~1.EXE
2408	svchost.com
2408	svchost.com
1864	B5C217~1.EXE
2044	svchost.com
2044	svchost.com
2004	B5C217~1.EXE
880	svchost.com
880	svchost.com
2008	svchost.com
1072	svchost.com

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	b5c217dec6b5572652a097fdaa836700_exe32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\PROGRA~2\Adobe\READER~1.0\Reader\A3DUTI~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\DW\DWTRIG20.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\Adobe\READER~1.0\Resource\Icons\SC_REA~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\INTERN~1\iexplore.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WINDOW~1\wab.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WINDOW~1\WinMail.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\MSQRY32.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI54FB~1\WMPDMC.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\CNFNOT32.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\INFOPATH.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\XLICONS.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\ACCICONS.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\MSOUC.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBE_~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WINDOW~1\wabmig.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI54FB~1\wmplayer.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ielowutil.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI54FB~1\setup_wm.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\MSOSYNC.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ieinstal.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\BCSSync.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\EQUATION\EQNEDT32.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOXMLED.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\BCSSync.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\MSTORDB.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\SELFCERT.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI54FB~1\setup_wm.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WINDOW~1\wabmig.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\Setup.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI54FB~1\wmplayer.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI4223~1\sidebar.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI54FB~1\wmprph.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\ImagingDevices.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\Setup.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\MSTORE.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ieinstal.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\MOZILL~1\UNINST~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WI54FB~1\wmpshare.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe	b5c217dec6b5572652a097fdaa836700_exe32.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE	b5c217dec6b5572652a097fdaa836700_exe32.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	Process not Found
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	Process not Found
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\svchost.com	Process not Found
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\svchost.com	Process not Found
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\directx.sys	Process not Found
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE
File opened for modification	C:\Windows\directx.sys	B5C217~1.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	b5c217dec6b5572652a097fdaa836700_exe32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2540	2524	b5c217dec6b5572652a097fdaa836700_exe32.exe	27
PID 2524 wrote to memory of 2540	2524	b5c217dec6b5572652a097fdaa836700_exe32.exe	27
PID 2524 wrote to memory of 2540	2524	b5c217dec6b5572652a097fdaa836700_exe32.exe	27
PID 2524 wrote to memory of 2540	2524	b5c217dec6b5572652a097fdaa836700_exe32.exe	27
PID 2540 wrote to memory of 2532	2540	b5c217dec6b5572652a097fdaa836700_exe32.exe	28
PID 2540 wrote to memory of 2532	2540	b5c217dec6b5572652a097fdaa836700_exe32.exe	28
PID 2540 wrote to memory of 2532	2540	b5c217dec6b5572652a097fdaa836700_exe32.exe	28
PID 2540 wrote to memory of 2532	2540	b5c217dec6b5572652a097fdaa836700_exe32.exe	28
PID 2532 wrote to memory of 2636	2532	svchost.com	29
PID 2532 wrote to memory of 2636	2532	svchost.com	29
PID 2532 wrote to memory of 2636	2532	svchost.com	29
PID 2532 wrote to memory of 2636	2532	svchost.com	29
PID 2636 wrote to memory of 2308	2636	B5C217~1.EXE	30
PID 2636 wrote to memory of 2308	2636	B5C217~1.EXE	30
PID 2636 wrote to memory of 2308	2636	B5C217~1.EXE	30
PID 2636 wrote to memory of 2308	2636	B5C217~1.EXE	30
PID 2308 wrote to memory of 2936	2308	svchost.com	31
PID 2308 wrote to memory of 2936	2308	svchost.com	31
PID 2308 wrote to memory of 2936	2308	svchost.com	31
PID 2308 wrote to memory of 2936	2308	svchost.com	31
PID 2936 wrote to memory of 2960	2936	B5C217~1.EXE	32
PID 2936 wrote to memory of 2960	2936	B5C217~1.EXE	32
PID 2936 wrote to memory of 2960	2936	B5C217~1.EXE	32
PID 2936 wrote to memory of 2960	2936	B5C217~1.EXE	32
PID 2960 wrote to memory of 1216	2960	svchost.com	33
PID 2960 wrote to memory of 1216	2960	svchost.com	33
PID 2960 wrote to memory of 1216	2960	svchost.com	33
PID 2960 wrote to memory of 1216	2960	svchost.com	33
PID 1216 wrote to memory of 2908	1216	B5C217~1.EXE	34
PID 1216 wrote to memory of 2908	1216	B5C217~1.EXE	34
PID 1216 wrote to memory of 2908	1216	B5C217~1.EXE	34
PID 1216 wrote to memory of 2908	1216	B5C217~1.EXE	34
PID 2908 wrote to memory of 1160	2908	svchost.com	35
PID 2908 wrote to memory of 1160	2908	svchost.com	35
PID 2908 wrote to memory of 1160	2908	svchost.com	35
PID 2908 wrote to memory of 1160	2908	svchost.com	35
PID 1160 wrote to memory of 2748	1160	B5C217~1.EXE	36
PID 1160 wrote to memory of 2748	1160	B5C217~1.EXE	36
PID 1160 wrote to memory of 2748	1160	B5C217~1.EXE	36
PID 1160 wrote to memory of 2748	1160	B5C217~1.EXE	36
PID 2748 wrote to memory of 772	2748	svchost.com	37
PID 2748 wrote to memory of 772	2748	svchost.com	37
PID 2748 wrote to memory of 772	2748	svchost.com	37
PID 2748 wrote to memory of 772	2748	svchost.com	37
PID 772 wrote to memory of 1476	772	B5C217~1.EXE	38
PID 772 wrote to memory of 1476	772	B5C217~1.EXE	38
PID 772 wrote to memory of 1476	772	B5C217~1.EXE	38
PID 772 wrote to memory of 1476	772	B5C217~1.EXE	38
PID 1476 wrote to memory of 2712	1476	svchost.com	39
PID 1476 wrote to memory of 2712	1476	svchost.com	39
PID 1476 wrote to memory of 2712	1476	svchost.com	39
PID 1476 wrote to memory of 2712	1476	svchost.com	39
PID 2712 wrote to memory of 1872	2712	B5C217~1.EXE	40
PID 2712 wrote to memory of 1872	2712	B5C217~1.EXE	40
PID 2712 wrote to memory of 1872	2712	B5C217~1.EXE	40
PID 2712 wrote to memory of 1872	2712	B5C217~1.EXE	40
PID 1872 wrote to memory of 1588	1872	svchost.com	41
PID 1872 wrote to memory of 1588	1872	svchost.com	41
PID 1872 wrote to memory of 1588	1872	svchost.com	41
PID 1872 wrote to memory of 1588	1872	svchost.com	41
PID 1588 wrote to memory of 1332	1588	B5C217~1.EXE	42
PID 1588 wrote to memory of 1332	1588	B5C217~1.EXE	42
PID 1588 wrote to memory of 1332	1588	B5C217~1.EXE	42
PID 1588 wrote to memory of 1332	1588	B5C217~1.EXE	42

C:\Users\Admin\AppData\Local\Temp\b5c217dec6b5572652a097fdaa836700_exe32.exe
"C:\Users\Admin\AppData\Local\Temp\b5c217dec6b5572652a097fdaa836700_exe32.exe"
1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe
  "C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2936
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1216
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1160
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:772
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2712
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1588
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2704
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2076
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2056
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:2756
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:2832
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:2760

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1760
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:1128
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2392
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1384
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1236
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:924
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2024
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2152
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2192
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2268
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:944
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:2264
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1188
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2204
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:2192
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2644
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:1528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:1072
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:3036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        
        PID:2652
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        24⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        25⤵
        
        PID:1656
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        26⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        27⤵
        
        PID:328
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        28⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        29⤵
        
        PID:3040
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        30⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        31⤵
        
        PID:2604
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        32⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        33⤵
        Drops file in Windows directory
        
        PID:2832
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        34⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        35⤵
        
        PID:528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        36⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        37⤵
        
        PID:2836
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        38⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        39⤵
        
        PID:1484
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        40⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        41⤵
        
        PID:2656
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        42⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        43⤵
        
        PID:2292
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        44⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        42⤵
        
        PID:1744
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        43⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        44⤵
        
        PID:2108
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        45⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        46⤵
        Drops file in Windows directory
        
        PID:1732
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        47⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        48⤵
        
        PID:532
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        49⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        50⤵
        
        PID:2708
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        51⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        52⤵
        
        PID:1276
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        53⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        54⤵
        
        PID:640
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        55⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        56⤵
        
        PID:2088
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        57⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        58⤵
        
        PID:904
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        59⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        60⤵
        
        PID:2252
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        61⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        62⤵
        
        PID:1512
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        63⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        64⤵
        
        PID:1700
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        65⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        66⤵
        
        PID:3048
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        67⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:2432
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:2624
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:916
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2008
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:2348
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:2580
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        26⤵
        Drops file in Windows directory
        
        PID:3000
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        27⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2632
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:2684
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        Drops file in Windows directory
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:2924
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        26⤵
        
        PID:2112
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        27⤵
        Drops file in Windows directory
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        28⤵
        
        PID:2132
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        29⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        30⤵
        
        PID:2396
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        31⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:752
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        34⤵
        
        PID:2556
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        35⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        29⤵
        
        PID:976
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        30⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        25⤵
        
        PID:580
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        26⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        27⤵
        
        PID:1604
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        28⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:1528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:1940
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2024
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:296

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:296
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2408
- C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  2⤵
  PID:108
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
    3⤵
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      4⤵
      PID:2156
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:932
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:2772
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        Drops file in Windows directory
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:2628
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:2348
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:2988
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:2736
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2904
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        Drops file in Windows directory
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2396
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:580
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:2720
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        26⤵
        
        PID:2940
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        27⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        28⤵
        
        PID:324
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        29⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        30⤵
        
        PID:2464
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        31⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:1724
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:3040
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:2936
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        Executes dropped EXE
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2808
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:2836
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:2000
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2248
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2628
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:2912
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2576
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:1704
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:2832
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:2884
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2856
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:2800
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:2632
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:2036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2636

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1864
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2044
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2004
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:880

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2008
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1072
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    - Executes dropped EXE
    PID:2856
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:1584

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1896
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  PID:2576

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
PID:2580
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  PID:2128

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
PID:2532
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  PID:1692

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:3016
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    - Executes dropped EXE
    PID:3024
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:556
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        Executes dropped EXE
        
        PID:1936
- C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  2⤵
  PID:3008
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
    3⤵
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      4⤵
      Executes dropped EXE
      PID:556
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        5⤵
        Drops file in Windows directory
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:2404
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:1936
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2916
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:1272
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:2584

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2868
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Executes dropped EXE
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:752
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      Executes dropped EXE
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1480
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        Executes dropped EXE
        
        PID:1256

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2900
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1636
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1740
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:2304
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:972
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1688
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1048
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2064
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:984
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:824

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Drops file in Windows directory
PID:2280
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Drops file in Windows directory
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:640
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2448

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1920
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:684
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    - Drops file in Windows directory
    PID:1340
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:272
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1916
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:904
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1700
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:696
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:1508
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:756
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:1176
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:2008
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:2632
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:2192
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:1964
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2164
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:2608
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:3036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        Drops file in Windows directory
        
        PID:2520
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        24⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        25⤵
        
        PID:2348
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        26⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:1912
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:1128
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:804
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2024
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:756
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        Drops file in Windows directory
        
        PID:3056
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:2700

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1584
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2248
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2536

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:3004
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:3032
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2864

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2756
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1704

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2832
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2752
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:312
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:324

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2720
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:324
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1104
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1688
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        Drops file in Windows directory
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1016
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        Executes dropped EXE
        
        PID:1744
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:2236
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1592
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2956
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1776
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        Drops file in Windows directory
        
        PID:1732
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:1048
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:1784
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:1080
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1332
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:824
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:396
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:1796
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        Drops file in Windows directory
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:1204
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:2052
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:440
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:1596
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:1204
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2440
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:1928
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:1132
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:2260
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1728
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2012
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:440
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:744
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:1396
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:272
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:940
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        
        PID:944
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        24⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        Drops file in Windows directory
        
        PID:1492
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:1588
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:824

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1740
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1904

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1728
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1056

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:572
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:640
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1760
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1960
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2420

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1236
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:892
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2124
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:2040

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1892
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1708
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2080
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:2408
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:2700
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2648
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:3056
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        Drops file in Windows directory
        
        PID:2144
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2568
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:3000
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:2036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:2044
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2688
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:2560
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:2592
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2972
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:3024
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:556
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:2308
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:2780
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:2648
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:3036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:2984
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2924
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:268
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:2404
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        26⤵
        
        PID:528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        27⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        28⤵
        
        PID:2808
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        29⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        30⤵
        
        PID:2880
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        31⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:2948
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        34⤵
        
        PID:2956
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        35⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        36⤵
        
        PID:488
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        37⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        38⤵
        
        PID:532
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        39⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        27⤵
        
        PID:976
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        28⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:3028
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:1604
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:3004
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        
        PID:556
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        24⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        25⤵
        
        PID:2728
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        26⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        27⤵
        
        PID:2816
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        28⤵
        Drops file in Windows directory
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        29⤵
        
        PID:1872
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        30⤵
        Drops file in Windows directory
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        31⤵
        
        PID:2464
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        32⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        33⤵
        
        PID:2260
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        34⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        35⤵
        
        PID:2096
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        36⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        37⤵
        
        PID:2100
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        38⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        39⤵
        
        PID:828
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        40⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        41⤵
        
        PID:896
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        42⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        43⤵
        
        PID:1548
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        44⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        45⤵
        
        PID:1080
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        46⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        47⤵
        
        PID:2440
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        48⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        49⤵
        
        PID:1888
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        50⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        51⤵
        
        PID:1912
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        52⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        53⤵
        
        PID:1756
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        54⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        55⤵
        
        PID:1968
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        56⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        57⤵
        
        PID:2792
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        58⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        59⤵
        
        PID:2432
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        60⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        
        PID:2940
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        24⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        25⤵
        
        PID:2556
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        26⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        27⤵
        
        PID:1872
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        28⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        29⤵
        
        PID:2584
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        30⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        31⤵
        
        PID:1688
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        32⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        33⤵
        
        PID:2260
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        34⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        35⤵
        
        PID:2096
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        36⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:2044
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:1528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:1628
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2648
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:2128
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:2996
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:1696
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:3012

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2944
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2308

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2752
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2556

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2816
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1488
- C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  2⤵
  PID:2728
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
    3⤵
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      4⤵
      Drops file in Windows directory
      PID:1104
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:1688
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:1416

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1484
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2956

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2900
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:488
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2064
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2220
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:640
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1920
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:1960
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        Drops file in Windows directory
        
        PID:1596
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2116
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:2268
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        Drops file in Windows directory
        
        PID:908
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:1080
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:2416
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:988
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:2076
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:440
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2484
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:1816
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:1944
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:1912
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        Drops file in Windows directory
        
        PID:2040
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:2460
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:292
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:920
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        26⤵
        
        PID:2672
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        27⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        28⤵
        
        PID:2156
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        29⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        30⤵
        
        PID:2328
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        31⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:2196
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        34⤵
        
        PID:3036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        35⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        36⤵
        
        PID:2532
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        37⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        38⤵
        
        PID:2996
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        39⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        40⤵
        
        PID:2112
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        41⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        42⤵
        Drops file in Windows directory
        
        PID:2864
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        43⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        44⤵
        
        PID:2132
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        45⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        46⤵
        Drops file in Windows directory
        
        PID:2756
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        47⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        48⤵
        
        PID:1184
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        49⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        50⤵
        
        PID:1476
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        51⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        52⤵
        
        PID:3068
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        53⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        54⤵
        
        PID:2108
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        55⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        56⤵
        
        PID:1660
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        57⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        58⤵
        
        PID:628
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        59⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        60⤵
        
        PID:396
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        61⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        62⤵
        
        PID:1796
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        63⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        64⤵
        
        PID:1668
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        65⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        66⤵
        
        PID:1716
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        67⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        68⤵
        
        PID:1512
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        69⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        70⤵
        
        PID:1988
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        71⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        72⤵
        
        PID:944
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        73⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        74⤵
        
        PID:108
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        75⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        76⤵
        
        PID:2848
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        77⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        78⤵
        
        PID:1156
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        79⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        68⤵
        
        PID:1888
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        69⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        70⤵
        
        PID:2768
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        71⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        72⤵
        
        PID:1620
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        73⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        74⤵
        
        PID:3060
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        75⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        76⤵
        
        PID:1820
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        77⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        54⤵
        
        PID:572
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        55⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        56⤵
        
        PID:1588
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        57⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        58⤵
        
        PID:824
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        59⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        60⤵
        
        PID:2084
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        61⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        62⤵
        
        PID:2472
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        63⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        59⤵
        
        PID:744
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        60⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        61⤵
        
        PID:2448
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        62⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        63⤵
        
        PID:1944
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        64⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        65⤵
        
        PID:2040
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        66⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        28⤵
        
        PID:2700
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        29⤵
        Drops file in Windows directory
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        30⤵
        
        PID:836
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        31⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:2008
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        34⤵
        
        PID:2628
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        35⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        36⤵
        
        PID:1692
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        37⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        37⤵
        
        PID:2980
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        38⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:2400
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        24⤵
        
        PID:3052
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        25⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        26⤵
        
        PID:2036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        27⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        28⤵
        
        PID:1880
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        29⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        30⤵
        
        PID:836
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        31⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:2008
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:696
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        20⤵
        
        PID:1076
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        21⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        22⤵
        
        PID:1400
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        23⤵
        
        PID:1192

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1912
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:944
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1672
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1192
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:2276
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:1380
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:2792
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:1864

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2204
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:552
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      Drops file in Windows directory
      PID:2080

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2348
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:3004
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      Executes dropped EXE
      PID:3016

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2616
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2300
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2752
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1532
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1592
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:1924
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:1664
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2220
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:1212

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:940
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1564
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1956
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:596
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:544
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:2228

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1492
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2320

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2276
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:296
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2212
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2192

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:528
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2744
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2992
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1484
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        Executes dropped EXE
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1476
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:1764
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:488
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2304
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2436
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:2100
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:572
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2428
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:2392
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:2448
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        
        PID:2284
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        24⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        25⤵
        
        PID:1668
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        26⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        27⤵
        
        PID:2140
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        28⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        29⤵
        
        PID:2160
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        30⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        31⤵
        
        PID:2024
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        32⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        32⤵
        
        PID:2276
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        33⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        34⤵
        
        PID:868
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        35⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        36⤵
        
        PID:2192
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        37⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        38⤵
        
        PID:2328
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        39⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:2064
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:2084
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        18⤵
        
        PID:828
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        19⤵
        
        PID:2384

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:760
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1804
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1920
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:2284
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1236
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:908
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        Drops file in Windows directory
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:860
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2120
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2320
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:1812

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2532
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1860

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2468
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1776
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2052

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1988
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1376
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2620
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      Drops file in Windows directory
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:552
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1400
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1176
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2164
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:2196
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2628
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2580
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:3000
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2644
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:1868
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        Drops file in Windows directory
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        
        PID:2044
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2008
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:2516
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:2972
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        
        PID:1216
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        24⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        25⤵
        
        PID:268
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        26⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2024
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:296
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:2036
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:1868

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:3032
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    - Drops file in Windows directory
    PID:1604
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:268

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2308
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:580
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:528
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:476
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1184
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:2760
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:972
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        Drops file in Windows directory
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2108
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:1740
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2100

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1544
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1796
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:684
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1716
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1344
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:2160
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      4⤵
      PID:2060
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:860
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:2620
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        Drops file in Windows directory
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        10⤵
        
        PID:1948
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        11⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        12⤵
        
        PID:2020
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        13⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        14⤵
        
        PID:552
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        15⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        16⤵
        
        PID:2240
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        17⤵
        
        PID:2800

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:3040
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Drops file in Windows directory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:364
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:752
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        Drops file in Windows directory
        
        PID:2808
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:2816
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:1480
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:564

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2748
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  - Drops file in Windows directory
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1680
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1676
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1532
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:1536
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:1480

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1960
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1956

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:1212
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2104
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:640
- C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
  2⤵
  PID:760
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
    3⤵
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
      4⤵
      PID:628
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        5⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        6⤵
        
        PID:828
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        8⤵
        
        PID:640
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        9⤵
        
        PID:2384

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:2160
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:2320
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2264

C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
1⤵
PID:3056
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
  2⤵
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
    3⤵
    PID:1896
  - - C:\Windows\svchost.com
      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:1072
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        5⤵
        
        PID:2500
      - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        6⤵
        Drops file in Windows directory
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        7⤵
        
        PID:1656
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        9⤵
        
        PID:3024
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        10⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        11⤵
        
        PID:2864
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        12⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        13⤵
        
        PID:3004
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        15⤵
        Drops file in Windows directory
        
        PID:3012
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        16⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        17⤵
        
        PID:2716
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        18⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        19⤵
        
        PID:2752
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        20⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        21⤵
        
        PID:2616
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE"
        22⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\B5C217~1.EXE
        23⤵
        
        PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
6d1928eb123a1881522f70889a27f810

SHA1
7a0451c556e2115226c218be7ebe8765204d2d6f

SHA256
55d649569207b415f8e0700171d6aa227d789895c44d32a261760d9c2650ff3e

SHA512
f3b47013a082def719655129e41b94eb0e6f86beef411d856a06d60201866bffbae70a20da1930fd15c5c947e8d11ea5cd37bf89179f8203ab549bce807d51be

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
36fd5e09c417c767a952b4609d73a54b

SHA1
299399c5a2403080a5bf67fb46faec210025b36d

SHA256
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2

SHA512
1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\b5c217dec6b5572652a097fdaa836700_exe32.exe

Filesize
87KB

MD5
ad4bf953cb20560e8543fc05d3486dc9

SHA1
2afcea2e9e321b4ac472c06f11ee1caf52d8f3c9

SHA256
4b8ec3f112eaf148efd2988a170661a2379f5e8d098e2e4d62723acd8f47da7b

SHA512
f74d879ce465892ab3a698b8ff87fa7ba9e1c3e396c4e372b2089deb0b5319b70644df5cd50f9a12d9542472df43a9f766fd510590b25c68b3ce1ef4ca639728

Download Submit
memory/296-204-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/556-284-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/752-300-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/772-84-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/804-173-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/880-229-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/924-180-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/976-309-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1072-237-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1128-157-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1160-70-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1216-54-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1236-172-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1256-317-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1332-131-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1372-189-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1384-164-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1476-100-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1480-308-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1584-245-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1588-114-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1636-324-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1692-269-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1760-149-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1796-148-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1864-213-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1872-115-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1896-244-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1916-165-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1936-293-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1948-181-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2004-220-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2008-228-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2024-188-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2044-221-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2076-140-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2128-261-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2152-196-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2192-205-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2204-197-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2308-41-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2332-285-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2392-156-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2408-212-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2472-141-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2524-11-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2532-25-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2532-260-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2576-253-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2580-252-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2636-26-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2704-130-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2712-99-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2748-85-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2856-236-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2868-292-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2892-301-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2900-316-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2908-71-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2936-40-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2960-55-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3016-268-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3024-276-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3028-277-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads