f025fe750251eec26dd53cec580f5b4ce0c12feb36d31cf34e8af6578ce13135

Analysis

max time kernel
111s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4965c4c32f11f2cd37b8e25fa030b876.exe
Size

10.8MB
MD5

4965c4c32f11f2cd37b8e25fa030b876
SHA1

1ae0bde47aa47818fcf20f029e9eb48ce3979d26
SHA256

f025fe750251eec26dd53cec580f5b4ce0c12feb36d31cf34e8af6578ce13135
SHA512

6894597f52018163f15b33954e81595d0838adcf473512e102fc042ddfea70493eee54656422523a7365ff6ceaac6e47ab33a4da8d40c1cc51977afed2cfc212
SSDEEP

49152:3bz3XnXr4HNqSLRcG1y7QYo1eoUgDRr4lXqb/2isATBdZq1:3bTXbHSLRB0owWD5eqb/2YBTg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2064	4965c4c32f11f2cd37b8e25fa030b876.exe
3056	4965c4c32f11f2cd37b8e25fa030b876.exe
2764	4965c4c32f11f2cd37b8e25fa030b876.exe
2912	4965c4c32f11f2cd37b8e25fa030b876.exe
1716	4965c4c32f11f2cd37b8e25fa030b876.exe
2660	4965c4c32f11f2cd37b8e25fa030b876.exe
1660	4965c4c32f11f2cd37b8e25fa030b876.exe
2836	4965c4c32f11f2cd37b8e25fa030b876.exe
1620	4965c4c32f11f2cd37b8e25fa030b876.exe
1624	4965c4c32f11f2cd37b8e25fa030b876.exe
1536	4965c4c32f11f2cd37b8e25fa030b876.exe
268	4965c4c32f11f2cd37b8e25fa030b876.exe
2972	4965c4c32f11f2cd37b8e25fa030b876.exe
1220	4965c4c32f11f2cd37b8e25fa030b876.exe
2284	4965c4c32f11f2cd37b8e25fa030b876.exe
2940	4965c4c32f11f2cd37b8e25fa030b876.exe
2944	4965c4c32f11f2cd37b8e25fa030b876.exe
2896	4965c4c32f11f2cd37b8e25fa030b876.exe
436	4965c4c32f11f2cd37b8e25fa030b876.exe
1136	4965c4c32f11f2cd37b8e25fa030b876.exe
1792	4965c4c32f11f2cd37b8e25fa030b876.exe
1588	4965c4c32f11f2cd37b8e25fa030b876.exe
800	4965c4c32f11f2cd37b8e25fa030b876.exe
588	4965c4c32f11f2cd37b8e25fa030b876.exe
2492	4965c4c32f11f2cd37b8e25fa030b876.exe
2136	4965c4c32f11f2cd37b8e25fa030b876.exe
1312	4965c4c32f11f2cd37b8e25fa030b876.exe
1972	4965c4c32f11f2cd37b8e25fa030b876.exe
1548	4965c4c32f11f2cd37b8e25fa030b876.exe
2488	4965c4c32f11f2cd37b8e25fa030b876.exe
2064	4965c4c32f11f2cd37b8e25fa030b876.exe
2384	4965c4c32f11f2cd37b8e25fa030b876.exe
2656	4965c4c32f11f2cd37b8e25fa030b876.exe
2856	4965c4c32f11f2cd37b8e25fa030b876.exe
1360	4965c4c32f11f2cd37b8e25fa030b876.exe
3000	4965c4c32f11f2cd37b8e25fa030b876.exe
2520	4965c4c32f11f2cd37b8e25fa030b876.exe
2840	4965c4c32f11f2cd37b8e25fa030b876.exe
2852	4965c4c32f11f2cd37b8e25fa030b876.exe
1084	4965c4c32f11f2cd37b8e25fa030b876.exe
1624	4965c4c32f11f2cd37b8e25fa030b876.exe
1552	4965c4c32f11f2cd37b8e25fa030b876.exe
472	4965c4c32f11f2cd37b8e25fa030b876.exe
1504	4965c4c32f11f2cd37b8e25fa030b876.exe
2336	4965c4c32f11f2cd37b8e25fa030b876.exe
856	4965c4c32f11f2cd37b8e25fa030b876.exe
2240	4965c4c32f11f2cd37b8e25fa030b876.exe
2292	4965c4c32f11f2cd37b8e25fa030b876.exe
628	4965c4c32f11f2cd37b8e25fa030b876.exe
2244	4965c4c32f11f2cd37b8e25fa030b876.exe
300	4965c4c32f11f2cd37b8e25fa030b876.exe
1300	4965c4c32f11f2cd37b8e25fa030b876.exe
328	4965c4c32f11f2cd37b8e25fa030b876.exe
916	4965c4c32f11f2cd37b8e25fa030b876.exe
2124	4965c4c32f11f2cd37b8e25fa030b876.exe
2448	4965c4c32f11f2cd37b8e25fa030b876.exe
1668	4965c4c32f11f2cd37b8e25fa030b876.exe
1596	4965c4c32f11f2cd37b8e25fa030b876.exe
1568	4965c4c32f11f2cd37b8e25fa030b876.exe
1852	4965c4c32f11f2cd37b8e25fa030b876.exe
2364	4965c4c32f11f2cd37b8e25fa030b876.exe
2744	4965c4c32f11f2cd37b8e25fa030b876.exe
2040	4965c4c32f11f2cd37b8e25fa030b876.exe
2808	4965c4c32f11f2cd37b8e25fa030b876.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	4965c4c32f11f2cd37b8e25fa030b876.exe
2488	4965c4c32f11f2cd37b8e25fa030b876.exe
2064	4965c4c32f11f2cd37b8e25fa030b876.exe
2064	4965c4c32f11f2cd37b8e25fa030b876.exe
3056	4965c4c32f11f2cd37b8e25fa030b876.exe
3056	4965c4c32f11f2cd37b8e25fa030b876.exe
2764	4965c4c32f11f2cd37b8e25fa030b876.exe
2764	4965c4c32f11f2cd37b8e25fa030b876.exe
2912	4965c4c32f11f2cd37b8e25fa030b876.exe
2912	4965c4c32f11f2cd37b8e25fa030b876.exe
1716	4965c4c32f11f2cd37b8e25fa030b876.exe
1716	4965c4c32f11f2cd37b8e25fa030b876.exe
2660	4965c4c32f11f2cd37b8e25fa030b876.exe
2660	4965c4c32f11f2cd37b8e25fa030b876.exe
1660	4965c4c32f11f2cd37b8e25fa030b876.exe
1660	4965c4c32f11f2cd37b8e25fa030b876.exe
2836	4965c4c32f11f2cd37b8e25fa030b876.exe
2836	4965c4c32f11f2cd37b8e25fa030b876.exe
1620	4965c4c32f11f2cd37b8e25fa030b876.exe
1620	4965c4c32f11f2cd37b8e25fa030b876.exe
1624	4965c4c32f11f2cd37b8e25fa030b876.exe
1624	4965c4c32f11f2cd37b8e25fa030b876.exe
1536	4965c4c32f11f2cd37b8e25fa030b876.exe
1536	4965c4c32f11f2cd37b8e25fa030b876.exe
268	4965c4c32f11f2cd37b8e25fa030b876.exe
268	4965c4c32f11f2cd37b8e25fa030b876.exe
2972	4965c4c32f11f2cd37b8e25fa030b876.exe
2972	4965c4c32f11f2cd37b8e25fa030b876.exe
1220	4965c4c32f11f2cd37b8e25fa030b876.exe
1220	4965c4c32f11f2cd37b8e25fa030b876.exe
2284	4965c4c32f11f2cd37b8e25fa030b876.exe
2284	4965c4c32f11f2cd37b8e25fa030b876.exe
2940	4965c4c32f11f2cd37b8e25fa030b876.exe
2940	4965c4c32f11f2cd37b8e25fa030b876.exe
2944	4965c4c32f11f2cd37b8e25fa030b876.exe
2944	4965c4c32f11f2cd37b8e25fa030b876.exe
2896	4965c4c32f11f2cd37b8e25fa030b876.exe
2896	4965c4c32f11f2cd37b8e25fa030b876.exe
436	4965c4c32f11f2cd37b8e25fa030b876.exe
436	4965c4c32f11f2cd37b8e25fa030b876.exe
1136	4965c4c32f11f2cd37b8e25fa030b876.exe
1136	4965c4c32f11f2cd37b8e25fa030b876.exe
1792	4965c4c32f11f2cd37b8e25fa030b876.exe
1792	4965c4c32f11f2cd37b8e25fa030b876.exe
1588	4965c4c32f11f2cd37b8e25fa030b876.exe
1588	4965c4c32f11f2cd37b8e25fa030b876.exe
800	4965c4c32f11f2cd37b8e25fa030b876.exe
800	4965c4c32f11f2cd37b8e25fa030b876.exe
588	4965c4c32f11f2cd37b8e25fa030b876.exe
588	4965c4c32f11f2cd37b8e25fa030b876.exe
2492	4965c4c32f11f2cd37b8e25fa030b876.exe
2492	4965c4c32f11f2cd37b8e25fa030b876.exe
2136	4965c4c32f11f2cd37b8e25fa030b876.exe
2136	4965c4c32f11f2cd37b8e25fa030b876.exe
1312	4965c4c32f11f2cd37b8e25fa030b876.exe
1312	4965c4c32f11f2cd37b8e25fa030b876.exe
1972	4965c4c32f11f2cd37b8e25fa030b876.exe
1972	4965c4c32f11f2cd37b8e25fa030b876.exe
1548	4965c4c32f11f2cd37b8e25fa030b876.exe
1548	4965c4c32f11f2cd37b8e25fa030b876.exe
2488	4965c4c32f11f2cd37b8e25fa030b876.exe
2488	4965c4c32f11f2cd37b8e25fa030b876.exe
2064	4965c4c32f11f2cd37b8e25fa030b876.exe
2064	4965c4c32f11f2cd37b8e25fa030b876.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 23 IoCs

installer

resource	yara_rule
behavioral1/files/0x000d00000001660f-6.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-6.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-7.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-7.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-18.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-18.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-17.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-17.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-29.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-29.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-28.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-28.dat	nsis_installer_2
behavioral1/files/0x000c00000001225b-32.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-39.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-39.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-40.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-40.dat	nsis_installer_2
behavioral1/files/0x000c00000001225b-43.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-50.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-50.dat	nsis_installer_2
behavioral1/files/0x000c00000001225b-44.dat	nsis_installer_2
behavioral1/files/0x000d00000001660f-51.dat	nsis_installer_1
behavioral1/files/0x000d00000001660f-51.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2064	2488	4965c4c32f11f2cd37b8e25fa030b876.exe	28
PID 2488 wrote to memory of 2064	2488	4965c4c32f11f2cd37b8e25fa030b876.exe	28
PID 2488 wrote to memory of 2064	2488	4965c4c32f11f2cd37b8e25fa030b876.exe	28
PID 2488 wrote to memory of 2064	2488	4965c4c32f11f2cd37b8e25fa030b876.exe	28
PID 2064 wrote to memory of 3056	2064	4965c4c32f11f2cd37b8e25fa030b876.exe	29
PID 2064 wrote to memory of 3056	2064	4965c4c32f11f2cd37b8e25fa030b876.exe	29
PID 2064 wrote to memory of 3056	2064	4965c4c32f11f2cd37b8e25fa030b876.exe	29
PID 2064 wrote to memory of 3056	2064	4965c4c32f11f2cd37b8e25fa030b876.exe	29
PID 3056 wrote to memory of 2764	3056	4965c4c32f11f2cd37b8e25fa030b876.exe	30
PID 3056 wrote to memory of 2764	3056	4965c4c32f11f2cd37b8e25fa030b876.exe	30
PID 3056 wrote to memory of 2764	3056	4965c4c32f11f2cd37b8e25fa030b876.exe	30
PID 3056 wrote to memory of 2764	3056	4965c4c32f11f2cd37b8e25fa030b876.exe	30
PID 2764 wrote to memory of 2912	2764	4965c4c32f11f2cd37b8e25fa030b876.exe	31
PID 2764 wrote to memory of 2912	2764	4965c4c32f11f2cd37b8e25fa030b876.exe	31
PID 2764 wrote to memory of 2912	2764	4965c4c32f11f2cd37b8e25fa030b876.exe	31
PID 2764 wrote to memory of 2912	2764	4965c4c32f11f2cd37b8e25fa030b876.exe	31
PID 2912 wrote to memory of 1716	2912	4965c4c32f11f2cd37b8e25fa030b876.exe	156
PID 2912 wrote to memory of 1716	2912	4965c4c32f11f2cd37b8e25fa030b876.exe	156
PID 2912 wrote to memory of 1716	2912	4965c4c32f11f2cd37b8e25fa030b876.exe	156
PID 2912 wrote to memory of 1716	2912	4965c4c32f11f2cd37b8e25fa030b876.exe	156
PID 1716 wrote to memory of 2660	1716	4965c4c32f11f2cd37b8e25fa030b876.exe	34
PID 1716 wrote to memory of 2660	1716	4965c4c32f11f2cd37b8e25fa030b876.exe	34
PID 1716 wrote to memory of 2660	1716	4965c4c32f11f2cd37b8e25fa030b876.exe	34
PID 1716 wrote to memory of 2660	1716	4965c4c32f11f2cd37b8e25fa030b876.exe	34
PID 2660 wrote to memory of 1660	2660	4965c4c32f11f2cd37b8e25fa030b876.exe	224
PID 2660 wrote to memory of 1660	2660	4965c4c32f11f2cd37b8e25fa030b876.exe	224
PID 2660 wrote to memory of 1660	2660	4965c4c32f11f2cd37b8e25fa030b876.exe	224
PID 2660 wrote to memory of 1660	2660	4965c4c32f11f2cd37b8e25fa030b876.exe	224
PID 1660 wrote to memory of 2836	1660	4965c4c32f11f2cd37b8e25fa030b876.exe	160
PID 1660 wrote to memory of 2836	1660	4965c4c32f11f2cd37b8e25fa030b876.exe	160
PID 1660 wrote to memory of 2836	1660	4965c4c32f11f2cd37b8e25fa030b876.exe	160
PID 1660 wrote to memory of 2836	1660	4965c4c32f11f2cd37b8e25fa030b876.exe	160
PID 2836 wrote to memory of 1620	2836	4965c4c32f11f2cd37b8e25fa030b876.exe	37
PID 2836 wrote to memory of 1620	2836	4965c4c32f11f2cd37b8e25fa030b876.exe	37
PID 2836 wrote to memory of 1620	2836	4965c4c32f11f2cd37b8e25fa030b876.exe	37
PID 2836 wrote to memory of 1620	2836	4965c4c32f11f2cd37b8e25fa030b876.exe	37
PID 1620 wrote to memory of 1624	1620	4965c4c32f11f2cd37b8e25fa030b876.exe	194
PID 1620 wrote to memory of 1624	1620	4965c4c32f11f2cd37b8e25fa030b876.exe	194
PID 1620 wrote to memory of 1624	1620	4965c4c32f11f2cd37b8e25fa030b876.exe	194
PID 1620 wrote to memory of 1624	1620	4965c4c32f11f2cd37b8e25fa030b876.exe	194
PID 1624 wrote to memory of 1536	1624	4965c4c32f11f2cd37b8e25fa030b876.exe	164
PID 1624 wrote to memory of 1536	1624	4965c4c32f11f2cd37b8e25fa030b876.exe	164
PID 1624 wrote to memory of 1536	1624	4965c4c32f11f2cd37b8e25fa030b876.exe	164
PID 1624 wrote to memory of 1536	1624	4965c4c32f11f2cd37b8e25fa030b876.exe	164
PID 1536 wrote to memory of 268	1536	4965c4c32f11f2cd37b8e25fa030b876.exe	39
PID 1536 wrote to memory of 268	1536	4965c4c32f11f2cd37b8e25fa030b876.exe	39
PID 1536 wrote to memory of 268	1536	4965c4c32f11f2cd37b8e25fa030b876.exe	39
PID 1536 wrote to memory of 268	1536	4965c4c32f11f2cd37b8e25fa030b876.exe	39
PID 268 wrote to memory of 2972	268	4965c4c32f11f2cd37b8e25fa030b876.exe	40
PID 268 wrote to memory of 2972	268	4965c4c32f11f2cd37b8e25fa030b876.exe	40
PID 268 wrote to memory of 2972	268	4965c4c32f11f2cd37b8e25fa030b876.exe	40
PID 268 wrote to memory of 2972	268	4965c4c32f11f2cd37b8e25fa030b876.exe	40
PID 2972 wrote to memory of 1220	2972	4965c4c32f11f2cd37b8e25fa030b876.exe	138
PID 2972 wrote to memory of 1220	2972	4965c4c32f11f2cd37b8e25fa030b876.exe	138
PID 2972 wrote to memory of 1220	2972	4965c4c32f11f2cd37b8e25fa030b876.exe	138
PID 2972 wrote to memory of 1220	2972	4965c4c32f11f2cd37b8e25fa030b876.exe	138
PID 1220 wrote to memory of 2284	1220	4965c4c32f11f2cd37b8e25fa030b876.exe	45
PID 1220 wrote to memory of 2284	1220	4965c4c32f11f2cd37b8e25fa030b876.exe	45
PID 1220 wrote to memory of 2284	1220	4965c4c32f11f2cd37b8e25fa030b876.exe	45
PID 1220 wrote to memory of 2284	1220	4965c4c32f11f2cd37b8e25fa030b876.exe	45
PID 2284 wrote to memory of 2940	2284	4965c4c32f11f2cd37b8e25fa030b876.exe	44
PID 2284 wrote to memory of 2940	2284	4965c4c32f11f2cd37b8e25fa030b876.exe	44
PID 2284 wrote to memory of 2940	2284	4965c4c32f11f2cd37b8e25fa030b876.exe	44
PID 2284 wrote to memory of 2940	2284	4965c4c32f11f2cd37b8e25fa030b876.exe	44

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  - Executes dropped EXE
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    - Executes dropped EXE
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2660

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1660
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1620

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1624
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1536
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2284

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2944
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        16⤵
        Executes dropped EXE
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        17⤵
        Executes dropped EXE
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        18⤵
        Executes dropped EXE
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        19⤵
        Executes dropped EXE
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        20⤵
        Executes dropped EXE
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        21⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        22⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        23⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        24⤵
        Executes dropped EXE
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        25⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        26⤵
        Executes dropped EXE
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        27⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        28⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        29⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        30⤵
        Executes dropped EXE
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        31⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        32⤵
        Executes dropped EXE
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        33⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        34⤵
        Executes dropped EXE
        
        PID:2244

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2940

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:300
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1300
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    - Executes dropped EXE
    PID:328
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      Executes dropped EXE
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        Executes dropped EXE
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        Executes dropped EXE
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        Executes dropped EXE
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        Executes dropped EXE
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        14⤵
        Executes dropped EXE
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        15⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        16⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        17⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        18⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        19⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        20⤵
        Executes dropped EXE
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        21⤵
        
        PID:2248

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2568
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:664
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        14⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        15⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        16⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        17⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        18⤵
        
        PID:968

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:3048
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:1940

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
1⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2844
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2444

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1592
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:524
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      Executes dropped EXE
      PID:472
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        Executes dropped EXE
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:1864

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
- Executes dropped EXE
PID:1300
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1588
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2092

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2504
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        Executes dropped EXE
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        14⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        15⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        16⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        17⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        18⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        19⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        20⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        21⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        22⤵
        
        PID:1288

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:620
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:484
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:2012

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1612
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2536

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2012
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        Executes dropped EXE
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        14⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        15⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        16⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        17⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        18⤵
        
        PID:1180
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2304

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
- Executes dropped EXE
PID:2364
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2720

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2524
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1332
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      Executes dropped EXE
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2452

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1052
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:796
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        Executes dropped EXE
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:272

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1600
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:828

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2404
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2948

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:872
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:2616

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2828
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:484

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2088
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1888
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        Executes dropped EXE
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:996

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2120
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1356
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:1056

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1528
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1600
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:1724

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
- Executes dropped EXE
PID:2124
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        14⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        15⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        16⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        17⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        18⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        19⤵
        
        PID:1604

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1504
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:1632
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:1976

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2920
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:2724

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:1180
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2776

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:3056
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2108

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
"C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
1⤵
PID:2452
- C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
  "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
  2⤵
  PID:576
- - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
    "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
    3⤵
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
      "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
      4⤵
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        5⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        13⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        14⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        15⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        16⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        17⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        18⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        19⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        20⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        21⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        22⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        23⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        24⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        25⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        26⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        27⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        28⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        29⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        30⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        31⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        32⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        33⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        34⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        35⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        36⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        37⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        38⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        39⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        40⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        41⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        42⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        43⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        44⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        45⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        46⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        47⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        48⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        49⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        50⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        51⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        52⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        53⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        54⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        55⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        56⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        57⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        58⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        59⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        60⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        61⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        62⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        63⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        64⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        65⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        66⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        67⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        68⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        69⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        70⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        71⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        72⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        73⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        74⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        75⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        76⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        77⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        78⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        79⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        80⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        81⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        82⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        83⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        84⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        85⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        86⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        87⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        88⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe" "C:\Users\Admin\AppData\Local\Temp\setup492.exe"
        89⤵
        
        PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
864KB

MD5
5dbedeef66710368d4d3d1be5b2556aa

SHA1
0a88e20f5c5bce544f8766f9d989994395de443f

SHA256
6f485af147168ee1445d7a5612bba068d29928749b2795d969e5ca4fd9c07abd

SHA512
48db6e47910daabdef779c17a11fb97291baddc8215d81764773bc27bfa9fc601caec6cf2a20ce350c35df147414ce5b984ced381d95409b576c1c3915d7cd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
899KB

MD5
e763c83353274c9d1ed4f74d1d082175

SHA1
6ed1f1638b5bedb72a86d925ff854e53439ca413

SHA256
41b3c52b88adc9b4acf6981b5c790fdcf220e043fdbe88b44573529340558af8

SHA512
5490266b59a12c10ba977b7374dcd6e4dff94bff0ee5649aa216e82698701c4ceeba6057c7f3e9973979ca1ec629a783c93c61cd724364159ee273456cf030df

Download Submit
C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
123KB

MD5
b91c2d4d39491269c97ddd5e46494fb3

SHA1
d59148534b21a3a0bb45b2b5d49de276114a70b3

SHA256
9d1f325b595b085e43831c0c4a4923c61bd193608cf8c4373345dc03d4f62ce9

SHA512
869f437b01c8f5c13d2e4e4dbc9c2057f8ef83f62a9d0c17b600d8e7347b11a58448ad1e717062d6d046ecdc857da640caf9da84433bc5fa9327a48bfade8ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
44KB

MD5
782bade1267a840496dab1e6ee35c7ba

SHA1
b7259812c0f40060078231c8efd00c5e52e898d3

SHA256
58acca9e2734eef9566b2a7a1d34900e676b4cadf2ac1a1e83ca9d44fc67497e

SHA512
4da099299fc2d020ea1441837f228eb0dc4a2a42359b930022724c67434f6a78576295317eb52ddc7b9b828355cea78051d4b56c1a2b4ab76eb2faf6636c9893

Download Submit
C:\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
1.5MB

MD5
7b4a7d03564c56021c7cbceda0f9640f

SHA1
83531a07305aca6ada493449e2eecc7488575fcc

SHA256
3ab6d9a61673b07078a116cfa3498af433b4122a160b03eb7009442418f99465

SHA512
bfe07f897ec47b5148d86d28bd5de3c32ad5cb36b93ff2d4e5102286a27492587e4d7985750cdd217eee8c0f6773d43c74441024b2e64edee3ed66166a945dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup492.exe

Filesize
381KB

MD5
5112da8c220a4d1a2b42f6d8e575e1dd

SHA1
288e3fcd1ac50c3cd0127d1567f5f6e7356f3484

SHA256
0feddc41b908ce78f772136f31bc119592c5bd1879cf95b66827836f222a0a4f

SHA512
963f23b6c45f9791431d9993e2e3b9863593efde1d9b2828e56a67a685f5f42618be5e331cbdc60fd15ad667255bc501324fd037dca52bc711ac996e9359f19f

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup492.exe

Filesize
123KB

MD5
47462d6e581afec62972cc46a3cdaba3

SHA1
b6a6c8ce55741bc54e85df24648ee45ee9c269f2

SHA256
6434aeb62d2251d7809ea6c627136f592bb60974b64dd39705ef991524662e1a

SHA512
f5c41fcdbb08132d8664c5bc59eac642cc0f65a7de35dab003b691eda4571152ce20ce12064362a4465c6bf748827572bbae2f4be43749bb275a84f6e9563439

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup492.exe

Filesize
256KB

MD5
8e3bcabb9fc4c5a0b9fa6746828af6ec

SHA1
6d3e6e3f9cf40003fdf74835b7eb2081aa4d954a

SHA256
78442fdc584f578fb94ca33be2ac29851a26e9345a8e0fecf8474b5ad5da5d63

SHA512
aa32364b42f1ac2a0be5228dcce1e50caeaa1c7378abb1a96032cd1b2721a360319076cb688012840e489591247e8006d4baf960064a1e6a1955d88d50128582

Download Submit
\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
896KB

MD5
16b3d998347f6f622cca915dab19e7be

SHA1
a12c3c55a263098d4639ca27aefe410a804b12b9

SHA256
e1289dc63beb98fee5b95e1ae2803fe48a5465fee7273fc209e67b47f76bac47

SHA512
ed2c057e6878e8e208c7b5d2b400bce61508d015aed66498ced40982d2505fde93e23ccd59d7b5ae3813be078fce3ade7f423bc78698df4dfe337b0a9f5a2133

Download Submit
\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
1.1MB

MD5
740fb7b514412a86fb132554c59cd0cf

SHA1
8f79954871e549e4b08d7b8103eaacf8c46d7e20

SHA256
905cfa48d41a33f9378d308436e7a6609fb8698de86313226331efa3f4f275f5

SHA512
5193c582fece9e0b6cd62d0c7bd768ee000c5cc49c8bf0a55f998ae4592943892ffa112d2850eb656973f3de6061c0e6029c794eff31e7ac9b544429b50f5777

Download Submit
\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
92KB

MD5
46d81843f620f619ee7f6eb8bd95dc10

SHA1
9fa39ce85db8426178108e0bb032c9c9c35e876e

SHA256
540739ec9da884b5263e93c2fd04fd3e2fbfab6db26d00d1b8b1bbd46ba68162

SHA512
e35a212a00dd82ca835a0bf48f2fc52d5ea7e4154b07fe4a60654c3fb1c04ebe0bcbef167d45cb18b38fb895f59fef5619168f1ac027dc7233da5ff05fafdf3e

Download Submit
\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
93KB

MD5
d1e7981fb0c20718056dbf2b90c2a224

SHA1
1e8408aac41b80a0927b24151bfdee16e78971ff

SHA256
e2810185fc0c20c2ee5d6e8cb25e9bef59ef9aa4a3503c6e39c3d00cc94eddb6

SHA512
c3cd17107b8df518d4839731de7c1ad726910ce9a2d94ccc940835f8c61ee0a6ffff1154940f37ad62b4729ae58b35b4062f9ad80e775d4caf877dd64c0edac9

Download Submit
\Users\Admin\AppData\Local\Temp\4965c4c32f11f2cd37b8e25fa030b876.exe

Filesize
2.4MB

MD5
4a002b236d40a0eb25e5a86bec49c353

SHA1
809bf53f305b3f3fcbed680058439dd31fab1cdd

SHA256
7d00aa21d6cabf6680d706397fe0c73e1140325fb6508f84b01aca8327cbc999

SHA512
f986f27f8822601bc627129a7e8a385e2a506fbc66eb3264df01fc48f234d923f2d52a7a639f41dfd6d21a7da438881b850a617460be30b262a2c0ecd8ab554c

Download Submit
\Users\Admin\AppData\Local\Temp\nsy5439.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit