a2db0768f7e1b5a9317a443e9e6606c0373a5d55663a4e85ada743925ae08303

Analysis

max time kernel
120s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97c6d2e5045e2aa409bc2da29ea05fa0N.exe
Size

468KB
MD5

97c6d2e5045e2aa409bc2da29ea05fa0
SHA1

351dd26483d2391c7f09c77d86be720bb8547056
SHA256

a2db0768f7e1b5a9317a443e9e6606c0373a5d55663a4e85ada743925ae08303
SHA512

97075dd4c20d66e0a04bd3971297324b10739e049a424f797b970e6be041ee4285c826c8a6276f8e42ebc71a7e79d6edcaad6cd361092ff3472f13cb5d487d5a
SSDEEP

3072:RPoDod+dj08U2bYCPzxqSf8/Emuj1Ip1nmHevVyEZl/3foM+DDlm:RPgo25U2RPtqSfF0zpZl/gM+D

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2616	33459.exe
2584	63474.exe
3632	14636.exe
548	13609.exe
2104	13609.exe
2220	15233.exe
1208	11563.exe
4840	8622.exe
1624	63945.exe
812	60646.exe
3936	61715.exe
4964	28528.exe
4780	4346.exe
2296	52213.exe
1260	32612.exe
1340	63827.exe
4556	53438.exe
1984	47730.exe
3384	6240.exe
624	51622.exe
4340	23588.exe
3964	43454.exe
1712	65306.exe
944	10397.exe
1760	43377.exe
3488	52307.exe
2576	52307.exe
3016	32441.exe
3516	46177.exe
5020	52307.exe
3724	22323.exe
3032	62841.exe
3276	54346.exe
2932	46718.exe
4144	9577.exe
2648	9577.exe
676	63417.exe
2292	28636.exe
2980	13277.exe
2628	54310.exe
4528	4132.exe
1540	18706.exe
3008	9775.exe
4168	64377.exe
4916	12575.exe
2300	49110.exe
852	3438.exe
4924	27620.exe
4300	60101.exe
3660	11149.exe
4900	43210.exe
2456	35727.exe
4560	63546.exe
4548	23475.exe
2196	18322.exe
3744	5092.exe
2380	56894.exe
3916	56894.exe
1396	15197.exe
2556	12182.exe
2508	57854.exe
4336	59337.exe
2492	33563.exe
1776	7227.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3888	676	WerFault.exe	129
15508	15292	WerFault.exe	743
15736	320	WerFault.exe	396

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15316	dwm.exe
Token: SeChangeNotifyPrivilege	15316	dwm.exe
Token: 33	15316	dwm.exe
Token: SeIncBasePriorityPrivilege	15316	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe
2616	33459.exe
2584	63474.exe
3632	14636.exe
2220	15233.exe
2104	13609.exe
548	13609.exe
1208	11563.exe
4840	8622.exe
1624	63945.exe
812	60646.exe
3936	61715.exe
4780	4346.exe
2296	52213.exe
4964	28528.exe
1260	32612.exe
1340	63827.exe
4556	53438.exe
1984	47730.exe
3384	6240.exe
624	51622.exe
4340	23588.exe
1712	65306.exe
3964	43454.exe
944	10397.exe
3488	52307.exe
2576	52307.exe
1760	43377.exe
3016	32441.exe
5020	52307.exe
3724	22323.exe
3032	62841.exe
3276	54346.exe
2932	46718.exe
4144	9577.exe
2648	9577.exe
676	63417.exe
2292	28636.exe
2980	13277.exe
2628	54310.exe
4528	4132.exe
1540	18706.exe
3008	9775.exe
4916	12575.exe
4924	27620.exe
4168	64377.exe
2300	49110.exe
852	3438.exe
2760	31835.exe
2456	35727.exe
2380	56894.exe
4560	63546.exe
2196	18322.exe
4900	43210.exe
3916	56894.exe
4300	60101.exe
4548	23475.exe
3744	5092.exe
1396	15197.exe
4336	59337.exe
2508	57854.exe
2556	12182.exe
2492	33563.exe
1092	58622.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2616	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	87
PID 5040 wrote to memory of 2616	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	87
PID 5040 wrote to memory of 2616	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	87
PID 2616 wrote to memory of 2584	2616	33459.exe	88
PID 2616 wrote to memory of 2584	2616	33459.exe	88
PID 2616 wrote to memory of 2584	2616	33459.exe	88
PID 5040 wrote to memory of 3632	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	89
PID 5040 wrote to memory of 3632	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	89
PID 5040 wrote to memory of 3632	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	89
PID 3632 wrote to memory of 2104	3632	14636.exe	91
PID 3632 wrote to memory of 2104	3632	14636.exe	91
PID 3632 wrote to memory of 2104	3632	14636.exe	91
PID 2584 wrote to memory of 548	2584	63474.exe	90
PID 2584 wrote to memory of 548	2584	63474.exe	90
PID 2584 wrote to memory of 548	2584	63474.exe	90
PID 2616 wrote to memory of 2220	2616	33459.exe	92
PID 2616 wrote to memory of 2220	2616	33459.exe	92
PID 2616 wrote to memory of 2220	2616	33459.exe	92
PID 5040 wrote to memory of 1208	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	93
PID 5040 wrote to memory of 1208	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	93
PID 5040 wrote to memory of 1208	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	93
PID 2220 wrote to memory of 4840	2220	15233.exe	94
PID 2220 wrote to memory of 4840	2220	15233.exe	94
PID 2220 wrote to memory of 4840	2220	15233.exe	94
PID 2616 wrote to memory of 1624	2616	33459.exe	95
PID 2616 wrote to memory of 1624	2616	33459.exe	95
PID 2616 wrote to memory of 1624	2616	33459.exe	95
PID 2104 wrote to memory of 812	2104	13609.exe	96
PID 2104 wrote to memory of 812	2104	13609.exe	96
PID 2104 wrote to memory of 812	2104	13609.exe	96
PID 1208 wrote to memory of 3936	1208	11563.exe	97
PID 1208 wrote to memory of 3936	1208	11563.exe	97
PID 1208 wrote to memory of 3936	1208	11563.exe	97
PID 3632 wrote to memory of 4964	3632	14636.exe	98
PID 3632 wrote to memory of 4964	3632	14636.exe	98
PID 3632 wrote to memory of 4964	3632	14636.exe	98
PID 548 wrote to memory of 4780	548	13609.exe	99
PID 548 wrote to memory of 4780	548	13609.exe	99
PID 548 wrote to memory of 4780	548	13609.exe	99
PID 5040 wrote to memory of 2296	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	100
PID 5040 wrote to memory of 2296	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	100
PID 5040 wrote to memory of 2296	5040	97c6d2e5045e2aa409bc2da29ea05fa0N.exe	100
PID 2584 wrote to memory of 1260	2584	63474.exe	101
PID 2584 wrote to memory of 1260	2584	63474.exe	101
PID 2584 wrote to memory of 1260	2584	63474.exe	101
PID 4840 wrote to memory of 1340	4840	8622.exe	106
PID 4840 wrote to memory of 1340	4840	8622.exe	106
PID 4840 wrote to memory of 1340	4840	8622.exe	106
PID 2220 wrote to memory of 4556	2220	15233.exe	107
PID 2220 wrote to memory of 4556	2220	15233.exe	107
PID 2220 wrote to memory of 4556	2220	15233.exe	107
PID 1624 wrote to memory of 1984	1624	63945.exe	108
PID 1624 wrote to memory of 1984	1624	63945.exe	108
PID 1624 wrote to memory of 1984	1624	63945.exe	108
PID 2616 wrote to memory of 3384	2616	33459.exe	109
PID 2616 wrote to memory of 3384	2616	33459.exe	109
PID 2616 wrote to memory of 3384	2616	33459.exe	109
PID 812 wrote to memory of 624	812	60646.exe	110
PID 812 wrote to memory of 624	812	60646.exe	110
PID 812 wrote to memory of 624	812	60646.exe	110
PID 2104 wrote to memory of 4340	2104	13609.exe	111
PID 2104 wrote to memory of 4340	2104	13609.exe	111
PID 2104 wrote to memory of 4340	2104	13609.exe	111
PID 4780 wrote to memory of 3964	4780	4346.exe	112

C:\Users\Admin\AppData\Local\Temp\97c6d2e5045e2aa409bc2da29ea05fa0N.exe
"C:\Users\Admin\AppData\Local\Temp\97c6d2e5045e2aa409bc2da29ea05fa0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Users\Admin\AppData\Local\Temp\33459.exe
  33459.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\63474.exe
    63474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\13609.exe
      13609.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\4346.exe
        
        4346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\43454.exe
        
        43454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\9577.exe
        
        9577.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\45239.exe
        
        45239.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\44466.exe
        
        44466.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\43091.exe
        
        43091.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\62899.exe
        
        62899.exe
        11⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\29497.exe
        
        29497.exe
        11⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\41651.exe
        
        41651.exe
        11⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\25632.exe
        
        25632.exe
        10⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\37806.exe
        
        37806.exe
        10⤵
        
        PID:15292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15292 -s 468
        11⤵
        Program crash
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\14465.exe
        
        14465.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\26695.exe
        
        26695.exe
        10⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\16343.exe
        
        16343.exe
        9⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\55964.exe
        
        55964.exe
        10⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\56363.exe
        
        56363.exe
        10⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\62546.exe
        
        62546.exe
        9⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\14759.exe
        
        14759.exe
        9⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\42801.exe
        
        42801.exe
        9⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\43733.exe
        
        43733.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\1202.exe
        
        1202.exe
        9⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\6744.exe
        
        6744.exe
        10⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\31940.exe
        
        31940.exe
        10⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\6598.exe
        
        6598.exe
        10⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\54132.exe
        
        54132.exe
        10⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\11897.exe
        
        11897.exe
        9⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\31940.exe
        
        31940.exe
        9⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\55300.exe
        
        55300.exe
        9⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\62913.exe
        
        62913.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\1861.exe
        
        1861.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\59876.exe
        
        59876.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\50969.exe
        
        50969.exe
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\32664.exe
        
        32664.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\28815.exe
        
        28815.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\36070.exe
        
        36070.exe
        9⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\4601.exe
        
        4601.exe
        9⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\39172.exe
        
        39172.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\18856.exe
        
        18856.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\23126.exe
        
        23126.exe
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\46347.exe
        
        46347.exe
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\31812.exe
        
        31812.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\32375.exe
        
        32375.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\50.exe
        
        50.exe
        9⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\19549.exe
        
        19549.exe
        9⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\63747.exe
        
        63747.exe
        9⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\34756.exe
        
        34756.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\44193.exe
        
        44193.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\14766.exe
        
        14766.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\10359.exe
        
        10359.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\9105.exe
        
        9105.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\41519.exe
        
        41519.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\40789.exe
        
        40789.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\40115.exe
        
        40115.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\47420.exe
        
        47420.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\49636.exe
        
        49636.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\59261.exe
        
        59261.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\14062.exe
        
        14062.exe
        7⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\64377.exe
        
        64377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\24408.exe
        
        24408.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\49199.exe
        
        49199.exe
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\4217.exe
        
        4217.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\52908.exe
        
        52908.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\20636.exe
        
        20636.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\64269.exe
        
        64269.exe
        7⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\36416.exe
        
        36416.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\63402.exe
        
        63402.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\51114.exe
        
        51114.exe
        8⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\25688.exe
        
        25688.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\7095.exe
        
        7095.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\1622.exe
        
        1622.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\43225.exe
        
        43225.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\22812.exe
        
        22812.exe
        7⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\5943.exe
        
        5943.exe
        7⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\1430.exe
        
        1430.exe
        7⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\9105.exe
        
        9105.exe
        6⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\11156.exe
        
        11156.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\58960.exe
        
        58960.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\37798.exe
        
        37798.exe
        6⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\65306.exe
        
        65306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\13277.exe
        
        13277.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\47507.exe
        
        47507.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\18675.exe
        
        18675.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\56298.exe
        
        56298.exe
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        9⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\50522.exe
        
        50522.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\13759.exe
        
        13759.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\50640.exe
        
        50640.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\49981.exe
        
        49981.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\25001.exe
        
        25001.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\39556.exe
        
        39556.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\26902.exe
        
        26902.exe
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\39485.exe
        
        39485.exe
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\19940.exe
        
        19940.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\20938.exe
        
        20938.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\52458.exe
        
        52458.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\25926.exe
        
        25926.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\13795.exe
        
        13795.exe
        8⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\39852.exe
        
        39852.exe
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\39960.exe
        
        39960.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\35150.exe
        
        35150.exe
        7⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\41917.exe
        
        41917.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\8576.exe
        
        8576.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\60748.exe
        
        60748.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\12575.exe
        
        12575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\47507.exe
        
        47507.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\17523.exe
        
        17523.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\4082.exe
        
        4082.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\4217.exe
        
        4217.exe
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\11736.exe
        
        11736.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\63341.exe
        
        63341.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\62876.exe
        
        62876.exe
        7⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\43733.exe
        
        43733.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\31986.exe
        
        31986.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        7⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\51813.exe
        
        51813.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\22365.exe
        
        22365.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\22123.exe
        
        22123.exe
        6⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\15145.exe
        
        15145.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\54767.exe
        
        54767.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\4274.exe
        
        4274.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\16853.exe
        
        16853.exe
        7⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\31829.exe
        
        31829.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\53313.exe
        
        53313.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\14459.exe
        
        14459.exe
        6⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\26651.exe
        
        26651.exe
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\43634.exe
        
        43634.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\28491.exe
        
        28491.exe
        6⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\29156.exe
        
        29156.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\1892.exe
        
        1892.exe
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\42779.exe
        
        42779.exe
        5⤵
        
        PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\32612.exe
      32612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\52307.exe
        
        52307.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\23475.exe
        
        23475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\27279.exe
        
        27279.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\48094.exe
        
        48094.exe
        9⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\32502.exe
        
        32502.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\46031.exe
        
        46031.exe
        9⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\37880.exe
        
        37880.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\22428.exe
        
        22428.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\5943.exe
        
        5943.exe
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\26702.exe
        
        26702.exe
        8⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\14201.exe
        
        14201.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\13079.exe
        
        13079.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\39463.exe
        
        39463.exe
        7⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\34287.exe
        
        34287.exe
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\16048.exe
        
        16048.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\36070.exe
        
        36070.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        7⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\10012.exe
        
        10012.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\20252.exe
        
        20252.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\6591.exe
        
        6591.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\2920.exe
        
        2920.exe
        6⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\56894.exe
        
        56894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\38654.exe
        
        38654.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\9541.exe
        
        9541.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\37139.exe
        
        37139.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\50989.exe
        
        50989.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\52929.exe
        
        52929.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\5139.exe
        
        5139.exe
        7⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\15716.exe
        
        15716.exe
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\29926.exe
        
        29926.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\42517.exe
        
        42517.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\63851.exe
        
        63851.exe
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\45285.exe
        
        45285.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\15932.exe
        
        15932.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\51708.exe
        
        51708.exe
        6⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\1960.exe
        
        1960.exe
        6⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\34059.exe
        
        34059.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\31415.exe
        
        31415.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\28966.exe
        
        28966.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\28236.exe
        
        28236.exe
        7⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\15263.exe
        
        15263.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\50439.exe
        
        50439.exe
        7⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\34948.exe
        
        34948.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\37696.exe
        
        37696.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\15263.exe
        
        15263.exe
        6⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\50439.exe
        
        50439.exe
        6⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\37220.exe
        
        37220.exe
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\58827.exe
        
        58827.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\29463.exe
        
        29463.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\39595.exe
        
        39595.exe
        5⤵
        
        PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\46177.exe
      46177.exe
      4⤵
      Executes dropped EXE
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\31835.exe
        
        31835.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\38654.exe
        
        38654.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\42022.exe
        
        42022.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\54273.exe
        
        54273.exe
        8⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\50434.exe
        
        50434.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\61816.exe
        
        61816.exe
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\19311.exe
        
        19311.exe
        7⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\16343.exe
        
        16343.exe
        6⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\11721.exe
        
        11721.exe
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\34547.exe
        
        34547.exe
        7⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\10191.exe
        
        10191.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\10675.exe
        
        10675.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\7004.exe
        
        7004.exe
        6⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\49982.exe
        
        49982.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\38566.exe
        
        38566.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\57777.exe
        
        57777.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\12294.exe
        
        12294.exe
        6⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\52908.exe
        
        52908.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\20636.exe
        
        20636.exe
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\14235.exe
        
        14235.exe
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\11149.exe
      11149.exe
      4⤵
      Executes dropped EXE
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\24788.exe
      24788.exe
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\49235.exe
        
        49235.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\37139.exe
        
        37139.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\61814.exe
        
        61814.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\14387.exe
        
        14387.exe
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\21739.exe
        
        21739.exe
        5⤵
        
        PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\19768.exe
      19768.exe
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\57367.exe
        
        57367.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\51860.exe
        
        51860.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\3935.exe
        
        3935.exe
        5⤵
        
        PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\23201.exe
      23201.exe
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\33840.exe
      33840.exe
      4⤵
      PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\21411.exe
      21411.exe
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\29540.exe
      29540.exe
      4⤵
      PID:10076
- - C:\Users\Admin\AppData\Local\Temp\15233.exe
    15233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\8622.exe
      8622.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\63827.exe
        
        63827.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\22323.exe
        
        22323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\15197.exe
        
        15197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\38654.exe
        
        38654.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        9⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\45214.exe
        
        45214.exe
        10⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\45086.exe
        
        45086.exe
        10⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\11631.exe
        
        11631.exe
        10⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\33988.exe
        
        33988.exe
        9⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\22812.exe
        
        22812.exe
        9⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\63312.exe
        
        63312.exe
        9⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\34486.exe
        
        34486.exe
        9⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\14201.exe
        
        14201.exe
        8⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\21247.exe
        
        21247.exe
        8⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\8719.exe
        
        8719.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\35209.exe
        
        35209.exe
        8⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\24600.exe
        
        24600.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\46905.exe
        
        46905.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\15295.exe
        
        15295.exe
        8⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\13499.exe
        
        13499.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\52908.exe
        
        52908.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\20636.exe
        
        20636.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\44603.exe
        
        44603.exe
        7⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\57854.exe
        
        57854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\55867.exe
        
        55867.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\41446.exe
        
        41446.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\36947.exe
        
        36947.exe
        9⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        9⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\10148.exe
        
        10148.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\11211.exe
        
        11211.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\34688.exe
        
        34688.exe
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\15716.exe
        
        15716.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\62214.exe
        
        62214.exe
        8⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\27468.exe
        
        27468.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\18298.exe
        
        18298.exe
        8⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\45285.exe
        
        45285.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\15932.exe
        
        15932.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\2514.exe
        
        2514.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\4163.exe
        
        4163.exe
        7⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\63717.exe
        
        63717.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\43091.exe
        
        43091.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\38011.exe
        
        38011.exe
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\7097.exe
        
        7097.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\37183.exe
        
        37183.exe
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\8524.exe
        
        8524.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\62694.exe
        
        62694.exe
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\21666.exe
        
        21666.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\25313.exe
        
        25313.exe
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\13543.exe
        
        13543.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\28108.exe
        
        28108.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\9770.exe
        
        9770.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\62841.exe
        
        62841.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\12182.exe
        
        12182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\27087.exe
        
        27087.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\43283.exe
        
        43283.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\45307.exe
        
        45307.exe
        9⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\50989.exe
        
        50989.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\12191.exe
        
        12191.exe
        9⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\29502.exe
        
        29502.exe
        9⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\52929.exe
        
        52929.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\3935.exe
        
        3935.exe
        8⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\12592.exe
        
        12592.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\52318.exe
        
        52318.exe
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\2328.exe
        
        2328.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\42995.exe
        
        42995.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\23987.exe
        
        23987.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\50058.exe
        
        50058.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\40623.exe
        
        40623.exe
        7⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\484.exe
        
        484.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\37139.exe
        
        37139.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        7⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\61269.exe
        
        61269.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\57145.exe
        
        57145.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\58496.exe
        
        58496.exe
        6⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\59337.exe
        
        59337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\38654.exe
        
        38654.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\30154.exe
        
        30154.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\58514.exe
        
        58514.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\25304.exe
        
        25304.exe
        8⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\57360.exe
        
        57360.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\54518.exe
        
        54518.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\30020.exe
        
        30020.exe
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\15263.exe
        
        15263.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\62691.exe
        
        62691.exe
        7⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\16343.exe
        
        16343.exe
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\10191.exe
        
        10191.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\13114.exe
        
        13114.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\48970.exe
        
        48970.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\25022.exe
        
        25022.exe
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\57523.exe
        
        57523.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\53956.exe
        
        53956.exe
        7⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\39852.exe
        
        39852.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\5943.exe
        
        5943.exe
        6⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\17382.exe
        
        17382.exe
        6⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\7212.exe
        
        7212.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\60589.exe
        
        60589.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\31778.exe
        
        31778.exe
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\53438.exe
      53438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\29156.exe
        
        29156.exe
        5⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\24155.exe
        
        24155.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\34814.exe
        
        34814.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\26592.exe
        
        26592.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\1362.exe
        
        1362.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\6120.exe
        
        6120.exe
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\32370.exe
        
        32370.exe
        6⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\51274.exe
        
        51274.exe
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\57559.exe
        
        57559.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\4601.exe
        
        4601.exe
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\60388.exe
        
        60388.exe
        5⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\17342.exe
        
        17342.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\2643.exe
        
        2643.exe
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\59961.exe
        
        59961.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\10024.exe
        
        10024.exe
        5⤵
        
        PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\4132.exe
      4132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\56313.exe
        
        56313.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\63511.exe
        
        63511.exe
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\56402.exe
        
        56402.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\2328.exe
        
        2328.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\50883.exe
        
        50883.exe
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\21845.exe
        
        21845.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\42465.exe
        
        42465.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\62815.exe
        
        62815.exe
        6⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\37987.exe
        
        37987.exe
        6⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\26327.exe
        
        26327.exe
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\44989.exe
        
        44989.exe
        6⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\51041.exe
        
        51041.exe
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\1892.exe
        
        1892.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\32562.exe
        
        32562.exe
        5⤵
        
        PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\480.exe
      480.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\413.exe
        
        413.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\8654.exe
        
        8654.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\40789.exe
        
        40789.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\56363.exe
        
        56363.exe
        6⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\18145.exe
        
        18145.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\20832.exe
        
        20832.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\6867.exe
        
        6867.exe
        5⤵
        
        PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\26651.exe
      26651.exe
      4⤵
      PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\29156.exe
      29156.exe
      4⤵
      PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\41923.exe
      41923.exe
      4⤵
      PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\45498.exe
      45498.exe
      4⤵
      PID:15204
- - C:\Users\Admin\AppData\Local\Temp\63945.exe
    63945.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\47730.exe
      47730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\54310.exe
        
        54310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\8337.exe
        
        8337.exe
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\36298.exe
        
        36298.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\37938.exe
        
        37938.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\38758.exe
        
        38758.exe
        9⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\57777.exe
        
        57777.exe
        9⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\34494.exe
        
        34494.exe
        9⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\62193.exe
        
        62193.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\46435.exe
        
        46435.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\16343.exe
        
        16343.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\62546.exe
        
        62546.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\46279.exe
        
        46279.exe
        7⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\42801.exe
        
        42801.exe
        7⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\18077.exe
        
        18077.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\43634.exe
        
        43634.exe
        8⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\40779.exe
        
        40779.exe
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\45263.exe
        
        45263.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\9484.exe
        
        9484.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\30980.exe
        
        30980.exe
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\46867.exe
        
        46867.exe
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\11985.exe
        
        11985.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\23704.exe
        
        23704.exe
        6⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\46801.exe
        
        46801.exe
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\37943.exe
        
        37943.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\34259.exe
        
        34259.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\37103.exe
        
        37103.exe
        8⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\33535.exe
        
        33535.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\40184.exe
        
        40184.exe
        7⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\5943.exe
        
        5943.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\62691.exe
        
        62691.exe
        7⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\11736.exe
        
        11736.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\4356.exe
        
        4356.exe
        6⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\9679.exe
        
        9679.exe
        6⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\53193.exe
        
        53193.exe
        5⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\48919.exe
        
        48919.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\63858.exe
        
        63858.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\57102.exe
        
        57102.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\60077.exe
        
        60077.exe
        5⤵
        
        PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\49110.exe
      49110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\41970.exe
        
        41970.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\63983.exe
        
        63983.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\57559.exe
        
        57559.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\4601.exe
        
        4601.exe
        7⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\54273.exe
        
        54273.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\54793.exe
        
        54793.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\39235.exe
        
        39235.exe
        6⤵
        
        PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\49981.exe
        
        49981.exe
        5⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\34415.exe
        
        34415.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\13482.exe
        
        13482.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\13795.exe
        
        13795.exe
        6⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\25001.exe
        
        25001.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\61045.exe
        
        61045.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\59684.exe
        
        59684.exe
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\29589.exe
        
        29589.exe
        5⤵
        
        PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\10048.exe
      10048.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\45950.exe
        
        45950.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\28390.exe
        
        28390.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\51973.exe
        
        51973.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\18735.exe
        
        18735.exe
        6⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\4828.exe
        
        4828.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\37806.exe
        
        37806.exe
        5⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\62616.exe
        
        62616.exe
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\50009.exe
        
        50009.exe
        5⤵
        
        PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\32193.exe
      32193.exe
      4⤵
      PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\60818.exe
        
        60818.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\64044.exe
        
        64044.exe
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\42376.exe
      42376.exe
      4⤵
      PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\737.exe
      737.exe
      4⤵
      PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\3584.exe
      3584.exe
      4⤵
      PID:10040
- - C:\Users\Admin\AppData\Local\Temp\6240.exe
    6240.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\29156.exe
      29156.exe
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\35338.exe
        
        35338.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\61394.exe
        
        61394.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\63541.exe
        
        63541.exe
        7⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\25493.exe
        
        25493.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\52892.exe
        
        52892.exe
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\39172.exe
        
        39172.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\14771.exe
        
        14771.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\15299.exe
        
        15299.exe
        5⤵
        
        PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\6349.exe
      6349.exe
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\35878.exe
        
        35878.exe
        5⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\4217.exe
        
        4217.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\46347.exe
        
        46347.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\52088.exe
        
        52088.exe
        5⤵
        
        PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\52604.exe
      52604.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\23204.exe
      23204.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\47357.exe
      47357.exe
      4⤵
      PID:8896
- - C:\Users\Admin\AppData\Local\Temp\9775.exe
    9775.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\24408.exe
      24408.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\32567.exe
        
        32567.exe
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\44186.exe
        
        44186.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\41780.exe
        
        41780.exe
        5⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\47900.exe
        
        47900.exe
        5⤵
        
        PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\61185.exe
      61185.exe
      4⤵
      PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\56070.exe
        
        56070.exe
        5⤵
        
        PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\65514.exe
      65514.exe
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\43121.exe
      43121.exe
      4⤵
      PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\21666.exe
      21666.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\27041.exe
      27041.exe
      4⤵
      PID:11740
- - C:\Users\Admin\AppData\Local\Temp\42736.exe
    42736.exe
    3⤵
    PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\20938.exe
      20938.exe
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\24091.exe
        
        24091.exe
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\15279.exe
        
        15279.exe
        5⤵
        
        PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\39852.exe
      39852.exe
      4⤵
      PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\10027.exe
      10027.exe
      4⤵
      PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\14642.exe
      14642.exe
      4⤵
      PID:11604
- - C:\Users\Admin\AppData\Local\Temp\39647.exe
    39647.exe
    3⤵
    PID:8048
- - C:\Users\Admin\AppData\Local\Temp\44447.exe
    44447.exe
    3⤵
    PID:12240
- - C:\Users\Admin\AppData\Local\Temp\55147.exe
    55147.exe
    3⤵
    PID:15700
- C:\Users\Admin\AppData\Local\Temp\14636.exe
  14636.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3632
- - C:\Users\Admin\AppData\Local\Temp\13609.exe
    13609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\60646.exe
      60646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\51622.exe
        
        51622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\46718.exe
        
        46718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\15966.exe
        
        15966.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\39422.exe
        
        39422.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\49199.exe
        
        49199.exe
        9⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\4217.exe
        
        4217.exe
        9⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\39172.exe
        
        39172.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\14771.exe
        
        14771.exe
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\27210.exe
        
        27210.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\847.exe
        
        847.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\61165.exe
        
        61165.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\29106.exe
        
        29106.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\27155.exe
        
        27155.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\50448.exe
        
        50448.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\40184.exe
        
        40184.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\56296.exe
        
        56296.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\22426.exe
        
        22426.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\52908.exe
        
        52908.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\20636.exe
        
        20636.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\22818.exe
        
        22818.exe
        7⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\58622.exe
        
        58622.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\35530.exe
        
        35530.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\31415.exe
        
        31415.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\60847.exe
        
        60847.exe
        9⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\36695.exe
        
        36695.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\7930.exe
        
        7930.exe
        9⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\34756.exe
        
        34756.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\44193.exe
        
        44193.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\51786.exe
        
        51786.exe
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\55991.exe
        
        55991.exe
        8⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\13291.exe
        
        13291.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\47450.exe
        
        47450.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\47902.exe
        
        47902.exe
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\8647.exe
        
        8647.exe
        8⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\59649.exe
        
        59649.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\29649.exe
        
        29649.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\43105.exe
        
        43105.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\20938.exe
        
        20938.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\12878.exe
        
        12878.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\9097.exe
        
        9097.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\44269.exe
        
        44269.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\52212.exe
        
        52212.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\42271.exe
        
        42271.exe
        7⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\64009.exe
        
        64009.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\3419.exe
        
        3419.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\11404.exe
        
        11404.exe
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\54134.exe
        
        54134.exe
        6⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\63417.exe
        
        63417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 632
        6⤵
        Program crash
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\42316.exe
        
        42316.exe
        5⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\44466.exe
        
        44466.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\31415.exe
        
        31415.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\24859.exe
        
        24859.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\62769.exe
        
        62769.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\63845.exe
        
        63845.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\40552.exe
        
        40552.exe
        7⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\47450.exe
        
        47450.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\2280.exe
        
        2280.exe
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\8719.exe
        
        8719.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\51737.exe
        
        51737.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\37678.exe
        
        37678.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\4274.exe
        
        4274.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\16853.exe
        
        16853.exe
        6⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\22671.exe
        
        22671.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\38305.exe
        
        38305.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\23226.exe
        
        23226.exe
        5⤵
        
        PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\23588.exe
      23588.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\9577.exe
        
        9577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\45239.exe
        
        45239.exe
        6⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\39230.exe
        
        39230.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\64466.exe
        
        64466.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\35820.exe
        
        35820.exe
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\50431.exe
        
        50431.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\26048.exe
        
        26048.exe
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\27989.exe
        
        27989.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\18856.exe
        
        18856.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\44227.exe
        
        44227.exe
        7⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\16048.exe
        
        16048.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\41322.exe
        
        41322.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\41002.exe
        
        41002.exe
        8⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\23765.exe
        
        23765.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\37696.exe
        
        37696.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\13499.exe
        
        13499.exe
        7⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\61185.exe
        
        61185.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\65284.exe
        
        65284.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\45071.exe
        
        45071.exe
        7⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\1285.exe
        
        1285.exe
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\27011.exe
        
        27011.exe
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\34441.exe
        
        34441.exe
        6⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\28580.exe
        
        28580.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\44466.exe
        
        44466.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\27902.exe
        
        27902.exe
        7⤵
        
        PID:320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 688
        8⤵
        Program crash
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        7⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\39172.exe
        
        39172.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\18856.exe
        
        18856.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\38202.exe
        
        38202.exe
        6⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\26695.exe
        
        26695.exe
        6⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\30743.exe
        
        30743.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\57367.exe
        
        57367.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\3148.exe
        
        3148.exe
        6⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\27061.exe
        
        27061.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\58733.exe
        
        58733.exe
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\24528.exe
        
        24528.exe
        5⤵
        
        PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\28636.exe
      28636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\48446.exe
        
        48446.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\44466.exe
        
        44466.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\49199.exe
        
        49199.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\4217.exe
        
        4217.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\9398.exe
        
        9398.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\59104.exe
        
        59104.exe
        7⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\39172.exe
        
        39172.exe
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\14579.exe
        
        14579.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\47631.exe
        
        47631.exe
        6⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\55284.exe
        
        55284.exe
        6⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\18077.exe
        
        18077.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\36947.exe
        
        36947.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\3148.exe
        
        3148.exe
        6⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\25471.exe
        
        25471.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\63506.exe
        
        63506.exe
        5⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\60748.exe
        
        60748.exe
        5⤵
        
        PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\58726.exe
      58726.exe
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\29007.exe
        
        29007.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\62442.exe
        
        62442.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\39163.exe
        
        39163.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\53701.exe
        
        53701.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\5943.exe
        
        5943.exe
        7⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\13874.exe
        
        13874.exe
        7⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\13188.exe
        
        13188.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\45289.exe
        
        45289.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\50364.exe
        
        50364.exe
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\12432.exe
        
        12432.exe
        6⤵
        
        PID:17920
    - - C:\Users\Admin\AppData\Local\Temp\16343.exe
        
        16343.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\53309.exe
        
        53309.exe
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\22927.exe
        
        22927.exe
        5⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\22956.exe
        
        22956.exe
        5⤵
        
        PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\31259.exe
      31259.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\30730.exe
        
        30730.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\24859.exe
        
        24859.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\12731.exe
        
        12731.exe
        6⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\51394.exe
        
        51394.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\22812.exe
        
        22812.exe
        5⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\32716.exe
        
        32716.exe
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\41849.exe
      41849.exe
      4⤵
      PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\15469.exe
      15469.exe
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\62328.exe
      62328.exe
      4⤵
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\40747.exe
      40747.exe
      4⤵
      PID:9400
- - C:\Users\Admin\AppData\Local\Temp\28528.exe
    28528.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\52307.exe
      52307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\18706.exe
        
        18706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\46438.exe
        
        46438.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\28618.exe
        
        28618.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\45307.exe
        
        45307.exe
        8⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\49054.exe
        
        49054.exe
        9⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\17007.exe
        
        17007.exe
        9⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\50989.exe
        
        50989.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\52929.exe
        
        52929.exe
        7⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\14267.exe
        
        14267.exe
        7⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\32545.exe
        
        32545.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\56084.exe
        
        56084.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\47069.exe
        
        47069.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\10158.exe
        
        10158.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\61082.exe
        
        61082.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\9650.exe
        
        9650.exe
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\4274.exe
        
        4274.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\16853.exe
        
        16853.exe
        7⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\31829.exe
        
        31829.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\53313.exe
        
        53313.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\18927.exe
        
        18927.exe
        6⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\29451.exe
        
        29451.exe
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\31270.exe
        
        31270.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\11765.exe
        
        11765.exe
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\44199.exe
        
        44199.exe
        6⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\54357.exe
        
        54357.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\41393.exe
        
        41393.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\2743.exe
        
        2743.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\60101.exe
      60101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\38654.exe
        
        38654.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\45982.exe
        
        45982.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\19975.exe
        
        19975.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\42907.exe
        
        42907.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\26592.exe
        
        26592.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\63967.exe
        
        63967.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\43223.exe
        
        43223.exe
        6⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\14201.exe
        
        14201.exe
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\17726.exe
        
        17726.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\19939.exe
        
        19939.exe
        6⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\13079.exe
        
        13079.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\43547.exe
        
        43547.exe
        5⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\46155.exe
        
        46155.exe
        5⤵
        
        PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\63526.exe
      63526.exe
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\31986.exe
        
        31986.exe
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\56817.exe
        
        56817.exe
        5⤵
        
        PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\61457.exe
      61457.exe
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\59961.exe
      59961.exe
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\10600.exe
      10600.exe
      4⤵
      PID:7596
- - C:\Users\Admin\AppData\Local\Temp\54346.exe
    54346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\33563.exe
      33563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\59951.exe
        
        59951.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\41830.exe
        
        41830.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\58986.exe
        
        58986.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\57777.exe
        
        57777.exe
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\34826.exe
        
        34826.exe
        7⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\49474.exe
        
        49474.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\42505.exe
        
        42505.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\65218.exe
        
        65218.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\12508.exe
        
        12508.exe
        6⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\13899.exe
        
        13899.exe
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\47069.exe
        
        47069.exe
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\33607.exe
        
        33607.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\24600.exe
      24600.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\45950.exe
        
        45950.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\24371.exe
        
        24371.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\48893.exe
        
        48893.exe
        5⤵
        
        PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\37336.exe
      37336.exe
      4⤵
      PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\20189.exe
      20189.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\16028.exe
      16028.exe
      4⤵
      PID:7912
- - C:\Users\Admin\AppData\Local\Temp\7227.exe
    7227.exe
    3⤵
    - Executes dropped EXE
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\35338.exe
      35338.exe
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\28175.exe
        
        28175.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\21091.exe
        
        21091.exe
        6⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\37880.exe
        
        37880.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\22428.exe
        
        22428.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\22280.exe
        
        22280.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\17382.exe
        
        17382.exe
        5⤵
        
        PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\47450.exe
      47450.exe
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\21823.exe
      21823.exe
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\31294.exe
      31294.exe
      4⤵
      PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\29819.exe
      29819.exe
      4⤵
      PID:3388
- - C:\Users\Admin\AppData\Local\Temp\10832.exe
    10832.exe
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\38898.exe
      38898.exe
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\61747.exe
        
        61747.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\19733.exe
        
        19733.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\3742.exe
        
        3742.exe
        5⤵
        
        PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\26592.exe
      26592.exe
      4⤵
      PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\17847.exe
      17847.exe
      4⤵
      PID:7796
- - C:\Users\Admin\AppData\Local\Temp\58915.exe
    58915.exe
    3⤵
    PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\8602.exe
      8602.exe
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\64858.exe
      64858.exe
      4⤵
      PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\37878.exe
      37878.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\14947.exe
      14947.exe
      4⤵
      PID:11688
- - C:\Users\Admin\AppData\Local\Temp\35848.exe
    35848.exe
    3⤵
    PID:11964
- - C:\Users\Admin\AppData\Local\Temp\46979.exe
    46979.exe
    3⤵
    PID:4136
- C:\Users\Admin\AppData\Local\Temp\11563.exe
  11563.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1208
- - C:\Users\Admin\AppData\Local\Temp\61715.exe
    61715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\52307.exe
      52307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\18322.exe
        
        18322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\27087.exe
        
        27087.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\30730.exe
        
        30730.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\33988.exe
        
        33988.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\22812.exe
        
        22812.exe
        7⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\31792.exe
        
        31792.exe
        7⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\38571.exe
        
        38571.exe
        7⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\14201.exe
        
        14201.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\54814.exe
        
        54814.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\23960.exe
        
        23960.exe
        7⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\47271.exe
        
        47271.exe
        7⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\17128.exe
        
        17128.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\63858.exe
        
        63858.exe
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\13867.exe
        
        13867.exe
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\29369.exe
        
        29369.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\5530.exe
        
        5530.exe
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\8693.exe
        
        8693.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\1121.exe
        
        1121.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\35176.exe
        
        35176.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\10553.exe
        
        10553.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\63845.exe
        
        63845.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\63312.exe
        
        63312.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\50439.exe
        
        50439.exe
        6⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\11985.exe
        
        11985.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\23704.exe
        
        23704.exe
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\56894.exe
      56894.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\38654.exe
        
        38654.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\413.exe
        
        413.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\59443.exe
        
        59443.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\52804.exe
        
        52804.exe
        7⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\18145.exe
        
        18145.exe
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\60748.exe
        
        60748.exe
        6⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\15716.exe
        
        15716.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\47910.exe
        
        47910.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\15855.exe
        
        15855.exe
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\52576.exe
        
        52576.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\50058.exe
        
        50058.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\3578.exe
        
        3578.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\63717.exe
      63717.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\2717.exe
        
        2717.exe
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\6748.exe
        
        6748.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\18921.exe
        
        18921.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\11746.exe
        
        11746.exe
        5⤵
        
        PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\3320.exe
      3320.exe
      4⤵
      PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\7169.exe
      7169.exe
      4⤵
      PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\63345.exe
      63345.exe
      4⤵
      PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\22422.exe
      22422.exe
      4⤵
      PID:10552
- - C:\Users\Admin\AppData\Local\Temp\32441.exe
    32441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\35727.exe
      35727.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\15410.exe
        
        15410.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\51731.exe
        
        51731.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\45307.exe
        
        45307.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        7⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\41668.exe
        
        41668.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\59945.exe
        
        59945.exe
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\26063.exe
        
        26063.exe
        6⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\41311.exe
        
        41311.exe
        6⤵
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\1269.exe
        
        1269.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\26506.exe
        
        26506.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\57777.exe
        
        57777.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\12870.exe
        
        12870.exe
        6⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\34812.exe
        
        34812.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\26890.exe
        
        26890.exe
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\52255.exe
        
        52255.exe
        5⤵
        
        PID:216
  - - C:\Users\Admin\AppData\Local\Temp\22680.exe
      22680.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\64990.exe
        
        64990.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\31986.exe
        
        31986.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\6941.exe
        
        6941.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\52929.exe
        
        52929.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\61112.exe
        
        61112.exe
        5⤵
        
        PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\61548.exe
      61548.exe
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\8602.exe
        
        8602.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\78.exe
        
        78.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\20567.exe
        
        20567.exe
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\19764.exe
      19764.exe
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\51725.exe
      51725.exe
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\45039.exe
      45039.exe
      4⤵
      PID:9584
- - C:\Users\Admin\AppData\Local\Temp\5092.exe
    5092.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\38654.exe
      38654.exe
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        5⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\28175.exe
        
        28175.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\26904.exe
        
        26904.exe
        6⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\34948.exe
        
        34948.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\63544.exe
        
        63544.exe
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\51523.exe
        
        51523.exe
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\37795.exe
        
        37795.exe
        5⤵
        
        PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\14201.exe
      14201.exe
      4⤵
      PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\13079.exe
      13079.exe
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\14531.exe
      14531.exe
      4⤵
      PID:9540
- - C:\Users\Admin\AppData\Local\Temp\42609.exe
    42609.exe
    3⤵
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\57554.exe
      57554.exe
      4⤵
      PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\23960.exe
      23960.exe
      4⤵
      PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\5470.exe
      5470.exe
      4⤵
      PID:7752
- - C:\Users\Admin\AppData\Local\Temp\43852.exe
    43852.exe
    3⤵
    PID:9556
- - C:\Users\Admin\AppData\Local\Temp\3705.exe
    3705.exe
    3⤵
    PID:13876
- - C:\Users\Admin\AppData\Local\Temp\15546.exe
    15546.exe
    3⤵
    PID:7704
- C:\Users\Admin\AppData\Local\Temp\52213.exe
  52213.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\10397.exe
    10397.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:944
  - - C:\Users\Admin\AppData\Local\Temp\3438.exe
      3438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\55291.exe
        
        55291.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\42384.exe
        
        42384.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\26506.exe
        
        26506.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\57777.exe
        
        57777.exe
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\29818.exe
        
        29818.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\32716.exe
        
        32716.exe
        7⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\34812.exe
        
        34812.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\26890.exe
        
        26890.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\14922.exe
        
        14922.exe
        6⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\33941.exe
        
        33941.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\36947.exe
        
        36947.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\51860.exe
        
        51860.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\64163.exe
        
        64163.exe
        6⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\23883.exe
        
        23883.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\17076.exe
        
        17076.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\11606.exe
        
        11606.exe
        5⤵
        
        PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\36001.exe
      36001.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\38898.exe
        
        38898.exe
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\42287.exe
        
        42287.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\8501.exe
        
        8501.exe
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\57447.exe
        
        57447.exe
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\43152.exe
        
        43152.exe
        6⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\34948.exe
        
        34948.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\37696.exe
        
        37696.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\26790.exe
        
        26790.exe
        5⤵
        
        PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\11985.exe
      11985.exe
      4⤵
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\15536.exe
      15536.exe
      4⤵
      PID:13220
- - C:\Users\Admin\AppData\Local\Temp\27620.exe
    27620.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\34186.exe
      34186.exe
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\58555.exe
        
        58555.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\4274.exe
        
        4274.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\16853.exe
        
        16853.exe
        6⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\11736.exe
        
        11736.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\48405.exe
        
        48405.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\22742.exe
        
        22742.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\4739.exe
        
        4739.exe
        5⤵
        
        PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\39457.exe
      39457.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\34067.exe
        
        34067.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\49680.exe
        
        49680.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\29.exe
        
        29.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\13440.exe
        
        13440.exe
        5⤵
        
        PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\5544.exe
      5544.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\63314.exe
      63314.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\59876.exe
      59876.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\5660.exe
      5660.exe
      4⤵
      PID:11052
- - C:\Users\Admin\AppData\Local\Temp\49737.exe
    49737.exe
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\31415.exe
      31415.exe
      4⤵
      PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\52435.exe
        
        52435.exe
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\51268.exe
        
        51268.exe
        5⤵
        
        PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\42540.exe
      42540.exe
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\42932.exe
      42932.exe
      4⤵
      PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\51715.exe
      51715.exe
      4⤵
      PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\4931.exe
      4931.exe
      4⤵
      PID:8796
- - C:\Users\Admin\AppData\Local\Temp\1513.exe
    1513.exe
    3⤵
    PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\32611.exe
      32611.exe
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\9274.exe
      9274.exe
      4⤵
      PID:10916
- - C:\Users\Admin\AppData\Local\Temp\56849.exe
    56849.exe
    3⤵
    PID:11980
- - C:\Users\Admin\AppData\Local\Temp\11020.exe
    11020.exe
    3⤵
    PID:1244
- - C:\Users\Admin\AppData\Local\Temp\39334.exe
    39334.exe
    3⤵
    PID:16880
- C:\Users\Admin\AppData\Local\Temp\43377.exe
  43377.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1760
- - C:\Users\Admin\AppData\Local\Temp\43210.exe
    43210.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\23579.exe
      23579.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\62359.exe
        
        62359.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\45115.exe
        
        45115.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        6⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\10148.exe
        
        10148.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\11211.exe
        
        11211.exe
        5⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\47708.exe
        
        47708.exe
        5⤵
        
        PID:316
  - - C:\Users\Admin\AppData\Local\Temp\43728.exe
      43728.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\28966.exe
        
        28966.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\28236.exe
        
        28236.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\49435.exe
        
        49435.exe
        5⤵
        
        PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\13899.exe
      13899.exe
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\60390.exe
      60390.exe
      4⤵
      PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\18843.exe
      18843.exe
      4⤵
      PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\21996.exe
      21996.exe
      4⤵
      PID:10208
- - C:\Users\Admin\AppData\Local\Temp\8181.exe
    8181.exe
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\43091.exe
      43091.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\37139.exe
        
        37139.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\12769.exe
        
        12769.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\78.exe
        
        78.exe
        5⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\13795.exe
        
        13795.exe
        5⤵
        
        PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\50989.exe
      50989.exe
      4⤵
      PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\52929.exe
      52929.exe
      4⤵
      PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\39732.exe
      39732.exe
      4⤵
      PID:9504
- - C:\Users\Admin\AppData\Local\Temp\22208.exe
    22208.exe
    3⤵
    PID:4008
- - C:\Users\Admin\AppData\Local\Temp\44644.exe
    44644.exe
    3⤵
    PID:12280
- - C:\Users\Admin\AppData\Local\Temp\64388.exe
    64388.exe
    3⤵
    PID:5900
- - C:\Users\Admin\AppData\Local\Temp\62687.exe
    62687.exe
    3⤵
    PID:16496
- C:\Users\Admin\AppData\Local\Temp\63546.exe
  63546.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\46822.exe
    46822.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\17819.exe
      17819.exe
      4⤵
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\38203.exe
        
        38203.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\8501.exe
        
        8501.exe
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\31562.exe
        
        31562.exe
        5⤵
        
        PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\50818.exe
      50818.exe
      4⤵
      PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\30214.exe
      30214.exe
      4⤵
      PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\38111.exe
      38111.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\7004.exe
      7004.exe
      4⤵
      PID:8644
- - C:\Users\Admin\AppData\Local\Temp\47813.exe
    47813.exe
    3⤵
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\15946.exe
      15946.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\61018.exe
      61018.exe
      4⤵
      PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\26904.exe
      26904.exe
      4⤵
      PID:7700
- - C:\Users\Admin\AppData\Local\Temp\13899.exe
    13899.exe
    3⤵
    PID:10248
- - C:\Users\Admin\AppData\Local\Temp\60390.exe
    60390.exe
    3⤵
    PID:13592
- - C:\Users\Admin\AppData\Local\Temp\31450.exe
    31450.exe
    3⤵
    PID:844
- C:\Users\Admin\AppData\Local\Temp\40835.exe
  40835.exe
  2⤵
  PID:6248
- - C:\Users\Admin\AppData\Local\Temp\42811.exe
    42811.exe
    3⤵
    PID:6740
- - C:\Users\Admin\AppData\Local\Temp\25493.exe
    25493.exe
    3⤵
    PID:12048
- - C:\Users\Admin\AppData\Local\Temp\46867.exe
    46867.exe
    3⤵
    PID:5188
- - C:\Users\Admin\AppData\Local\Temp\18150.exe
    18150.exe
    3⤵
    PID:16484
- C:\Users\Admin\AppData\Local\Temp\51748.exe
  51748.exe
  2⤵
  PID:8396
- C:\Users\Admin\AppData\Local\Temp\50788.exe
  50788.exe
  2⤵
  PID:11956
- C:\Users\Admin\AppData\Local\Temp\45315.exe
  45315.exe
  2⤵
  PID:5300
- C:\Users\Admin\AppData\Local\Temp\11531.exe
  11531.exe
  2⤵
  PID:16520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 676 -ip 676
1⤵
PID:4904

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\10397.exe

Filesize
468KB

MD5
ad375a32ed6256d8d56678fdb76af219

SHA1
5f0dcdacb0c8dbd8b33ab65a317d5348a7d9b2ef

SHA256
0cc63b56663e781423a4cf56df615950c0391dd80c740b0c5ada445b23b1f6f5

SHA512
6f6e08ec0ac9a8d3600c6c3dbb7c31616a93c63f4c0198f7078ebf0e454a0a001a8c553b5b26be0d2fc27ff07c911445adac0d2b91377fc7827544bbb67213f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\11563.exe

Filesize
468KB

MD5
e75c42e3adef65ea085a483f80c05143

SHA1
3d5659c0d6776f56d024e3ad60440acf711ab749

SHA256
8cc5cef75cffecb38353ac561adf63a5ee8bd185ac0947fecba1aaaca8679a43

SHA512
64e1bdfb9635bd9c1c42f63b635f721b6043b530bdf0f0c06650f23da08c1f14518f0552c9a9929c9500182f7b9c068650367a5ae32b1eadb1fcb818bdc1b8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\13609.exe

Filesize
468KB

MD5
16a6a24664f9265abc0841664657baf7

SHA1
abdc0e6892b7335cbe7e3fbe9c0724f8d52bb957

SHA256
81b9564058b6f6cb9bfd840c10e66a0f0a62e35eefe374d20182580856519ea7

SHA512
9eeb6274dae36fe4d8f3ad09bcecd1597118169fd391335c318b9f4b6a63887a1b0a91c3f817f68ed08882ec50ea71e682615faa15d8ff118debdb83c66525c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\14636.exe

Filesize
468KB

MD5
76a8889f7a7e2fa06185b3b5fa87432c

SHA1
8a6ec53a86b4a5860f2291e16f93a2366c236ef2

SHA256
62f1aa544bd00c435bc17c51bb1b3534b15c98c0e0ed2fa5f7c80c2a530d3638

SHA512
2855557f9aeecf1766948b50824e67654b65453c84ffcd08a1cba1110fd3245b961eb89bebb70c6f63af436bb638ffbce7f2cc923638febe6a69e3b2aad3a345

Download Submit
C:\Users\Admin\AppData\Local\Temp\15233.exe

Filesize
468KB

MD5
3cdcb4a0e9efb3a622e1fd9e3ac3d4b5

SHA1
63f700b9e63a271c18408ec3db5756efd7777e11

SHA256
a358bbb594764007ef5c7d3d5b70005574c00b8405aa50c0623d64c6a87596d4

SHA512
e0f8e5b201310756fc02ad7bf3752b8c5cac9c0c1c95d691ac427e4ad6c1d8c19cc7fa201eb3136e8c71f37760fa1365487fa13a1298217aa2339dbcc05973bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\22323.exe

Filesize
468KB

MD5
867f95156b5cb1c103a9c4a99d01b658

SHA1
26c9710fb8a0022476670abbb31f1370f6be7917

SHA256
2340fbf740a3d56d9292a86b4ae7860ffa594531f1244fb132c4a765ccde41c1

SHA512
7cc7582d4177223ead2562ec83ffef42f864d0e12870dee48905c5e29b451aafba3f3cf9de5a15c240338b15dc7c6e29307774ff1b9a65f3ebcce33841e3a678

Download Submit
C:\Users\Admin\AppData\Local\Temp\23588.exe

Filesize
468KB

MD5
8bcc704205cd02b52db3cc1e33468cee

SHA1
274797d99e468f64c19e8ae1207d13fc913dab44

SHA256
41d5b53cb50b92453db507e73ca7faecabac24fb1727caf7d43cb9b8108f3f42

SHA512
4415db19dac03c79521213b8b6026cd587a144763df4c0b5c7b702c569375c936133936df558cd3296669f25d8c5b4113ce5bc294f315b527ac2805e540be7f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\28528.exe

Filesize
468KB

MD5
36fa35d572b2e2a16ddce3fa3680082a

SHA1
b394e64cf4e5fcc67d9d2432e9db5cccd6fcd2ce

SHA256
8d557cd89de52f0562849d0a10b1e2e636c56ed3732da820d6fd7a4e799298f8

SHA512
070b7e5c9c64166554c1ab7c8ce8c4c68dbc002b6b03b66fcc4ccc6b1584ee95a5d811274e11825df252bab1b75e279dc52df47ad92afa23404f2efc2ed7ae14

Download Submit
C:\Users\Admin\AppData\Local\Temp\32441.exe

Filesize
468KB

MD5
6a3a1a7dd3f78b21624fae6c8ab03125

SHA1
ca4eac277b9417d74fa325ccf63459118dcea5d0

SHA256
699882416bb7792a515645bc7c8d64837f50e44cd4bc8ea11b1b50ca17c93d1e

SHA512
d91a3efb5e46e4e330dc87dea18a1b556e44b0b3d2ea89283dc70758ae4ad690559fdff3ad471e0acf1bb6977a2c7d1a861d741970536a9b7ed0d6d0fccf4b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\32612.exe

Filesize
468KB

MD5
89c1df546d357dc405f76e7c6a10da83

SHA1
7fab967a74fb34d28a0758e6fabd8fe7872ddc47

SHA256
ee7711e4599246d73d2ef685b0c0300991a65fc3cf2d7fee75d035042dd9209c

SHA512
09fcf8896b24075cf489edd3610d081c4ff7104440f3a1abeb4bfbf88c6698e50f9203185ce997b743b6ece1dcb80cc505bcb495c998555e7601cf2b20cd9159

Download Submit
C:\Users\Admin\AppData\Local\Temp\33459.exe

Filesize
468KB

MD5
922d9c289adbe124f8fe432902c57e2f

SHA1
fd4d89464fdf9ee4f683c360dbb94a8936d9927b

SHA256
58f5dca5f6504b541d1d04800009f054a51643d622e6aebddc523ccee1d49d20

SHA512
1f28f7eb53113d5a0496102a2c52b4beaa620f1256ae8425d191acb8cc7638152e3030ca5ad442bab91d43de24c9f55ad30e3a88de655806966564b926193dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\40184.exe

Filesize
468KB

MD5
009187cb0dc3a03cee4a88fbf42ac73b

SHA1
0fe42bd9a878c533200874a6b2592a356f075a76

SHA256
a426f154be733be3fc5fb93f5c83e7e013851be535d045c239340bb38014d53e

SHA512
7d9fbc0164d3a7a3255ccb4cf25b90c0a48d51caea1fa5370c47a4dd156e77a1d49cb5f593afccedc4084c960d59142444ce89481ca07d2f7e5003ac5c745657

Download Submit
C:\Users\Admin\AppData\Local\Temp\43377.exe

Filesize
468KB

MD5
8b96cf4c564c5b68aa8c01efd5923450

SHA1
ac435a69da16bca40532cafc3df0e9eb7f490348

SHA256
f8a946db00591297ad8485b715fd8f25956cd69fe9c041dabbc22fdbdbc1dcdd

SHA512
0e07c8de6813146fc5f4a9146e12cb3787127306cae8227b0f4e3e34cc684fa0a4b1d0fab6bbd94f3adeba05a4509bdaeb441032d0a3abe66bebcdd4024267a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\43454.exe

Filesize
468KB

MD5
bf03c5668c3eb720acae5a493dc24902

SHA1
e8b53b488521a90cd2e225aafc2fcd6184fd8b6c

SHA256
ff386bfd071bf2cb07292788ea089467b2621c7a2413217b4b214aee99e7a7fc

SHA512
cecc29991dddf89125c8d280ba017964b064429454d01d865dfbfcfaf4277b9fd4b52de5ae48fa15844eecfcf0371e0924b3a94d9574843c2eaf8c38c3d1cd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\4346.exe

Filesize
468KB

MD5
662111ff34b7caf11d610243163ea849

SHA1
21eca3678c8c6f5b044adc475432ce403beca8d9

SHA256
48159e1424221b83068b3bc0f00756955117ed3eff7b2ec0a8dab3ac3e926564

SHA512
8f3dfbdba259d04e11a07c6fc16c2cee70617f715186814f55ebe4af583e388bfc07f32cfdb482485ba55dd01d25e427eb2859ec5c16a88a4efc9af336341dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\46177.exe

Filesize
468KB

MD5
646b3aa6f5fed164a79ed6a00db0fc9f

SHA1
8d9226fa08d29366d5d6a35648a0ee07afccc066

SHA256
f06888d5fa4b447317e6f26ba39552acd64b1f5f4f99e89b5cc40066ce2cdf8e

SHA512
9f56ed30d42a18b22c9dad0fa8f53e16098edd76bfcc1c12557439cb279d313d3d599b75beb4177401616e6bf95a7c09a3599b336aef00f1d130cf4e3f520676

Download Submit
C:\Users\Admin\AppData\Local\Temp\47730.exe

Filesize
468KB

MD5
27bfee87305e48a48c50ab0bc88dc0af

SHA1
2226641c194a378c839d80601cd9538b2b362ed9

SHA256
e87198de13568249ce0b0e149a581cd7eb3e8ad861a4c2e3df255d88b726c952

SHA512
a0ca0249039840f700ddbcfdb5c596ba61bcdbdd2bf0c03e0bec5dc205162c57faaf2fdbfdd1a9a4414dd8c20efe3e58846df19a88395a5b3fde0548d7b4a345

Download Submit
C:\Users\Admin\AppData\Local\Temp\51622.exe

Filesize
468KB

MD5
5543ba6350f6a11b8407b2225623776b

SHA1
365fc528d327688b2a9119e2e062969eabf79902

SHA256
14c6dd8fd0715cd7076f4c0ae17bb262c1bac5118e941fc5a6fbf5a28da60371

SHA512
23a7d7f81797fa3b766e48a34e9a31df82fccb9cc0f6393e8bfe9978e3ef5935afc9320c43154587ecdebb1a6188974ba880769237d1d7e8c4b431d87bf5df16

Download Submit
C:\Users\Admin\AppData\Local\Temp\52213.exe

Filesize
468KB

MD5
7ad24d37e3d24cbd1e049c47db9da158

SHA1
d92cd631eae1ecc3a9527287595dff8527f34935

SHA256
df5241a5bb46cbcb1ffd326b6ddf6f350f17254e14ed68fd59bef306fb768618

SHA512
3ebfb7d2f5db8b0eec11e8cdf252308d383420cedf638bc617b8891039610399ea7236dc093de4d5b63ef6b556958a87f51b652c028b6abd851fb0d129c45d21

Download Submit
C:\Users\Admin\AppData\Local\Temp\52307.exe

Filesize
468KB

MD5
d9bec5872231c0a740e61f4163dc5798

SHA1
b4f85dd8c9a87d38805c728f7de10787c37a3b72

SHA256
ae843d17ad89b49f4b9f67d6a7fb0b83685d499dc97eb3d9643aa31cfa5bd491

SHA512
1cf57fc0e84adb0819fee8f88c96905886eb2cb62647ad3378fdb47b770b8eae1d7bdff651c90144c29b90a11a7dbced5ccf3212f2458d1fc1d92624812d1a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\53438.exe

Filesize
468KB

MD5
dc56a2f51cd6e30aafc091ed978750f2

SHA1
338f8c7ba17c7547c3488042b705c4ffb6695647

SHA256
8d1d9cb13cb0304ae4a49d1ccb44d5773455ac6223da14beef7a34c85988013c

SHA512
97fd7c4beaacd3edb477956c140d788003e0e9ab0eb1f5255da3f5076e89eff9dc94f307c58b76036b226921a685c220306ba79f66a071b15d012859e7cdbd5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\54346.exe

Filesize
468KB

MD5
6cd3110bd6decaecdcc7c57ff113675f

SHA1
cee5e99cf9e1a1dad3d3a0d89c72b864fdca5ea9

SHA256
d0247633ac6b3456a8059c53ee0320ca5c464b5d99d25df620962e2cc6fd7860

SHA512
a04c33e7e9cccf4731573f3bb409f88ff1aef3eb22212bbd07a353942d33c1dd786833129073229a289ba84e555f96b6662cb6e18a8aa09eb40ce1b2e6f4d1c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\60646.exe

Filesize
468KB

MD5
5a315964e0df2af2c75d587565cbbba1

SHA1
a831543dbd47589a4972b68dac2f5a84fc5c177b

SHA256
30fd3e0d673c1685d4867819aa2d4be5ce0f8ada37786153a95beb8f9b44f2a4

SHA512
5eaa202f5b68f27c77cbfeeda5e1bfcff7945cf37fba8d5aaab08ad1e905522aee1daf51d863cde9c17f6a61c739bbb0866bbc3935c508a6ea2c1700227f3d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\61715.exe

Filesize
468KB

MD5
633c74fd65953141dbac974d1e487965

SHA1
5d13b06fe1de7f84ec8315a160e29721c12c342c

SHA256
9f8296f3ca0868a919dcf01f897b1b48d7a64db310f6aad5cf4cab1f3f11b66d

SHA512
c2f2468112f9964e5793338958184669c7f2ed70057602573e41434e2272aa4387750e47096eea0838359936cf4071a298ff9260e8e5a8263e820b43682a987d

Download Submit
C:\Users\Admin\AppData\Local\Temp\6240.exe

Filesize
468KB

MD5
07a208ace69e7852ac6f22f3adcc265e

SHA1
5878f8b003474379f12304982efa31815a668401

SHA256
0c1ab32e745ebf597fca37ee61240bd3a384b9592eda76aaab8f5d3c9335f41a

SHA512
e1f3dd6cbfe3490ab2ecc2faf5d4cb4e4a24356053b11d6cfc72bc8fc2d4103dcd0a7393cfe06d5fee4eacbfc25482c4382fc922bd9355cee3a0303a0fe6f1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\62841.exe

Filesize
468KB

MD5
b3c614e8d1a866642631ff9bc2e3a033

SHA1
3a68dd7fa4db2e24c696b24530b17fae76c89e88

SHA256
f22a40b902603b631d4b3667c41835b2b71eb82aa9644f4e10722c1268c8a682

SHA512
626b994f062208a4a91f93cc7d98aa1d63ecc65dc8b94637efd038d0bbcced1d7a86291684ced3e08ba569f88ad2aa90662ee0c8214ce9a369469284bab1f041

Download Submit
C:\Users\Admin\AppData\Local\Temp\63474.exe

Filesize
468KB

MD5
1844f75cae7e0f2e62c8308ba4ef454e

SHA1
45478e99bb75415350e382f62cb29eefc5c94aa2

SHA256
12f30c7d98965d4bfc9e5c732de800847fa9046f5585e96e63083f559063731e

SHA512
d7a04ef067cf6d198ced08cef47832392e4441976a2a696d246f523c40e300ace7b2aca9fd2ed1e5877448e15319b6e11b5775a8395b649f02180581b3ee8914

Download Submit
C:\Users\Admin\AppData\Local\Temp\63827.exe

Filesize
468KB

MD5
f0c8c5cc7ec0fd82e914ce85abd66be9

SHA1
1d524eb6c1e75b8f1affe9a30ab6791ddc8d6d18

SHA256
baac06d4192e8c7f964918b383f63d5ad8f6c04e65e0e4bc763d4ee3914b7bc9

SHA512
b581acd45d56dcb456c084ea1b1293939de71144b664128938722dd196534b87cba60e52e031e60077896e74e38898342b35e6b6c96a23bcd560c67095be9076

Download Submit
C:\Users\Admin\AppData\Local\Temp\63945.exe

Filesize
468KB

MD5
52172af4d982e6369f5ccd0c255a76ec

SHA1
aceb095128b71e0249f14eedd47a0105992b4c76

SHA256
e853a519d8eadddbac430ccfab3d7df2e97754832384a5201bc79329634d30a2

SHA512
746d074b9c2ec2e3c685c90311810960cd1b3cf07a53e14dcc42f40e6fab61862eb867d3b8c80bfffe687dfd1ddabb13a73d57fc2f0d2e8da616e968d3bbff7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\65306.exe

Filesize
468KB

MD5
ac955a56a3b16d062f1a5dd895ed3c4a

SHA1
223a0d7009c06105151d9b116e6b7395e1cdded5

SHA256
f072cae8729c82cd36ef480579ef269a50c9c2c2f366bbc30051cf87a4cff80c

SHA512
f5b642c77bf51c1e78d52f4703a43cc4707379b8d741a6d2137f0de86dd5fb88fc2777ba002f2cc8f4e2686674b29aa0cade6e09d146b5ee878374ee4470a875

Download Submit
C:\Users\Admin\AppData\Local\Temp\8622.exe

Filesize
468KB

MD5
bab17d720e7074d5a2f995116887c0ce

SHA1
a97680b31982046aa9ee03843d4c6f7d61448a28

SHA256
f2ad7e01dd7d007d0b830af6e6cd8eb760bc2835907f3871f7524db3b4d0b6ab

SHA512
73f2182f0767a3e662b8df43c7572d9e1a9342dab111a19727167e022766c61ed19f6abe31e1920bf955d14b346f819434723e636d8af521046aeb5a51ac9c35

Download Submit
memory/548-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/676-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/760-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/812-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/852-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/956-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1092-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1208-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1340-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1488-443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1612-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1624-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1760-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2196-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2220-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2292-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2492-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2508-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2556-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2584-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2932-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2980-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3032-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3240-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3276-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3384-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3488-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-511-0x0000000003050000-0x000000000312B000-memory.dmp

Filesize
876KB

Download
memory/3516-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-512-0x0000000002F70000-0x000000000304B000-memory.dmp

Filesize
876KB

Download
memory/3632-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3724-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3744-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3916-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3976-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4052-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4144-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4168-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4336-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4340-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4548-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4556-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4560-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4780-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-54-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4924-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4964-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5248-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5504-2527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5564-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5576-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5592-566-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5616-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5628-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5644-571-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-583-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5700-584-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5708-586-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5716-587-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14544-2380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15328-2327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15348-2381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads