7ae4cde23ef39cce6096e21438fbd7d9ad8f1da15ab0bd57a63710a6d3e94d69

Analysis

max time kernel
598s
max time network
437s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NitroGen.exe
Size

16.6MB
MD5

747d57384bac73cf84cba374e0cae890
SHA1

21fd87a381ec3a80e81d4ac3f3707e0e2135ef14
SHA256

7ae4cde23ef39cce6096e21438fbd7d9ad8f1da15ab0bd57a63710a6d3e94d69
SHA512

3a2cf05d2e41ad37b8b438d4a12a708f10fec0cfb5f3c92625bb8f2c6ba580b3eb483484f411204b36ccff1f7a95f8b7a11088ab9800276c54f336102c24db5b
SSDEEP

393216:Au7L/PL01+l+uq+VvUdQusl7Q+l9RoWOv+9faTVY7oemTI:ACLL01+l+uqgvUdQu2QGborvSit

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
4300	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2004	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
2412	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe
1268	NitroGen.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 14 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
26	checkip.amazonaws.com
29	checkip.amazonaws.com
34	checkip.amazonaws.com
36	checkip.amazonaws.com
32	checkip.amazonaws.com
33	checkip.amazonaws.com
35	checkip.amazonaws.com
37	checkip.amazonaws.com
47	checkip.amazonaws.com
24	checkip.amazonaws.com
25	checkip.amazonaws.com
28	checkip.amazonaws.com
65	checkip.amazonaws.com
30	checkip.amazonaws.com

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x0007000000023700-553.dat	embeds_openssl

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	11916	wmic.exe
Token: SeSecurityPrivilege	11916	wmic.exe
Token: SeTakeOwnershipPrivilege	11916	wmic.exe
Token: SeLoadDriverPrivilege	11916	wmic.exe
Token: SeSystemProfilePrivilege	11916	wmic.exe
Token: SeSystemtimePrivilege	11916	wmic.exe
Token: SeProfSingleProcessPrivilege	11916	wmic.exe
Token: SeIncBasePriorityPrivilege	11916	wmic.exe
Token: SeCreatePagefilePrivilege	11916	wmic.exe
Token: SeBackupPrivilege	11916	wmic.exe
Token: SeRestorePrivilege	11916	wmic.exe
Token: SeShutdownPrivilege	11916	wmic.exe
Token: SeDebugPrivilege	11916	wmic.exe
Token: SeSystemEnvironmentPrivilege	11916	wmic.exe
Token: SeRemoteShutdownPrivilege	11916	wmic.exe
Token: SeUndockPrivilege	11916	wmic.exe
Token: SeManageVolumePrivilege	11916	wmic.exe
Token: 33	11916	wmic.exe
Token: 34	11916	wmic.exe
Token: 35	11916	wmic.exe
Token: 36	11916	wmic.exe
Token: SeIncreaseQuotaPrivilege	11916	wmic.exe
Token: SeSecurityPrivilege	11916	wmic.exe
Token: SeTakeOwnershipPrivilege	11916	wmic.exe
Token: SeLoadDriverPrivilege	11916	wmic.exe
Token: SeSystemProfilePrivilege	11916	wmic.exe
Token: SeSystemtimePrivilege	11916	wmic.exe
Token: SeProfSingleProcessPrivilege	11916	wmic.exe
Token: SeIncBasePriorityPrivilege	11916	wmic.exe
Token: SeCreatePagefilePrivilege	11916	wmic.exe
Token: SeBackupPrivilege	11916	wmic.exe
Token: SeRestorePrivilege	11916	wmic.exe
Token: SeShutdownPrivilege	11916	wmic.exe
Token: SeDebugPrivilege	11916	wmic.exe
Token: SeSystemEnvironmentPrivilege	11916	wmic.exe
Token: SeRemoteShutdownPrivilege	11916	wmic.exe
Token: SeUndockPrivilege	11916	wmic.exe
Token: SeManageVolumePrivilege	11916	wmic.exe
Token: 33	11916	wmic.exe
Token: 34	11916	wmic.exe
Token: 35	11916	wmic.exe
Token: 36	11916	wmic.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 4300	1676	NitroGen.exe	86
PID 1676 wrote to memory of 4300	1676	NitroGen.exe	86
PID 4300 wrote to memory of 2600	4300	NitroGen.exe	88
PID 4300 wrote to memory of 2600	4300	NitroGen.exe	88
PID 2600 wrote to memory of 3400	2600	cmd.exe	90
PID 2600 wrote to memory of 3400	2600	cmd.exe	90
PID 3400 wrote to memory of 2004	3400	NitroGen.exe	91
PID 3400 wrote to memory of 2004	3400	NitroGen.exe	91
PID 2004 wrote to memory of 2072	2004	NitroGen.exe	92
PID 2004 wrote to memory of 2072	2004	NitroGen.exe	92
PID 2072 wrote to memory of 3136	2072	cmd.exe	94
PID 2072 wrote to memory of 3136	2072	cmd.exe	94
PID 3136 wrote to memory of 2412	3136	NitroGen.exe	95
PID 3136 wrote to memory of 2412	3136	NitroGen.exe	95
PID 2412 wrote to memory of 4948	2412	NitroGen.exe	96
PID 2412 wrote to memory of 4948	2412	NitroGen.exe	96
PID 4948 wrote to memory of 4392	4948	cmd.exe	98
PID 4948 wrote to memory of 4392	4948	cmd.exe	98
PID 4392 wrote to memory of 1268	4392	NitroGen.exe	99
PID 4392 wrote to memory of 1268	4392	NitroGen.exe	99
PID 1268 wrote to memory of 1468	1268	NitroGen.exe	102
PID 1268 wrote to memory of 1468	1268	NitroGen.exe	102
PID 1468 wrote to memory of 3784	1468	cmd.exe	104
PID 1468 wrote to memory of 3784	1468	cmd.exe	104
PID 4300 wrote to memory of 4504	4300	NitroGen.exe	105
PID 4300 wrote to memory of 4504	4300	NitroGen.exe	105
PID 4504 wrote to memory of 3684	4504	cmd.exe	107
PID 4504 wrote to memory of 3684	4504	cmd.exe	107
PID 3784 wrote to memory of 2856	3784	NitroGen.exe	109
PID 3784 wrote to memory of 2856	3784	NitroGen.exe	109
PID 2856 wrote to memory of 5080	2856	NitroGen.exe	111
PID 2856 wrote to memory of 5080	2856	NitroGen.exe	111
PID 3684 wrote to memory of 4992	3684	NitroGen.exe	113
PID 3684 wrote to memory of 4992	3684	NitroGen.exe	113
PID 2004 wrote to memory of 3208	2004	NitroGen.exe	114
PID 2004 wrote to memory of 3208	2004	NitroGen.exe	114
PID 5080 wrote to memory of 4968	5080	cmd.exe	116
PID 5080 wrote to memory of 4968	5080	cmd.exe	116
PID 4992 wrote to memory of 3664	4992	NitroGen.exe	117
PID 4992 wrote to memory of 3664	4992	NitroGen.exe	117
PID 3208 wrote to memory of 4028	3208	cmd.exe	118
PID 3208 wrote to memory of 4028	3208	cmd.exe	118
PID 4968 wrote to memory of 2780	4968	NitroGen.exe	120
PID 4968 wrote to memory of 2780	4968	NitroGen.exe	120
PID 3664 wrote to memory of 2500	3664	cmd.exe	121
PID 3664 wrote to memory of 2500	3664	cmd.exe	121
PID 4028 wrote to memory of 452	4028	NitroGen.exe	122
PID 4028 wrote to memory of 452	4028	NitroGen.exe	122
PID 2780 wrote to memory of 3816	2780	NitroGen.exe	123
PID 2780 wrote to memory of 3816	2780	NitroGen.exe	123
PID 3816 wrote to memory of 3556	3816	cmd.exe	125
PID 3816 wrote to memory of 3556	3816	cmd.exe	125
PID 2412 wrote to memory of 2592	2412	NitroGen.exe	126
PID 2412 wrote to memory of 2592	2412	NitroGen.exe	126
PID 452 wrote to memory of 956	452	NitroGen.exe	128
PID 452 wrote to memory of 956	452	NitroGen.exe	128
PID 2500 wrote to memory of 2888	2500	NitroGen.exe	130
PID 2500 wrote to memory of 2888	2500	NitroGen.exe	130
PID 2592 wrote to memory of 2880	2592	cmd.exe	131
PID 2592 wrote to memory of 2880	2592	cmd.exe	131
PID 3556 wrote to memory of 2784	3556	NitroGen.exe	132
PID 3556 wrote to memory of 2784	3556	NitroGen.exe	132
PID 1268 wrote to memory of 992	1268	NitroGen.exe	133
PID 1268 wrote to memory of 992	1268	NitroGen.exe	133

C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
"C:\Users\Admin\AppData\Local\Temp\NitroGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
  "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
      C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        5⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2004
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        8⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:2856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:2780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:2784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        23⤵
        
        PID:5916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        25⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        26⤵
        
        PID:6784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        27⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        28⤵
        
        PID:12352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        27⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        28⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        29⤵
        
        PID:15136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        30⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        31⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        32⤵
        
        PID:10280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        30⤵
        
        PID:8692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        27⤵
        
        PID:7944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        27⤵
        
        PID:12392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        27⤵
        
        PID:10324
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        28⤵
        
        PID:11680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        27⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        28⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        29⤵
        
        PID:12096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        30⤵
        
        PID:15800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        27⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        28⤵
        
        PID:14600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        27⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        28⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        29⤵
        
        PID:13080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        27⤵
        
        PID:11148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        27⤵
        
        PID:11908
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "netsh advfirewall set allprofiles state off"
        28⤵
        
        PID:1104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /im firefox.exe /t /f >nul 2>&1"
        27⤵
        
        PID:8952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        24⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        25⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        26⤵
        
        PID:9232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        27⤵
        
        PID:8668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        24⤵
        
        PID:5636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:8216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        24⤵
        
        PID:8296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        22⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        23⤵
        
        PID:8780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        25⤵
        
        PID:15960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        24⤵
        
        PID:10608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        22⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        23⤵
        
        PID:10488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        25⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        26⤵
        
        PID:12072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        24⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        25⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        26⤵
        
        PID:11516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        24⤵
        
        PID:2660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:10864
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        25⤵
        
        PID:12704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        23⤵
        
        PID:7644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:8972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:11904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        20⤵
        
        PID:7348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:11500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:9168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:12660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:12428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        22⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        23⤵
        
        PID:12888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:8112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        21⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        22⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        23⤵
        
        PID:3416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        21⤵
        
        PID:11616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        21⤵
        
        PID:7328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        19⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        20⤵
        
        PID:4680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:12188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:6932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:12476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:11108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        18⤵
        
        PID:11332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        18⤵
        
        PID:12960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        16⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        17⤵
        
        PID:6372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:12636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        23⤵
        
        PID:14636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:13960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:12840
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        22⤵
        
        PID:7944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:12544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        22⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        23⤵
        
        PID:15112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:15452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:7600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        19⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        20⤵
        
        PID:10984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:8252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:8216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:9184
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        22⤵
        
        PID:10268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:14488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        22⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        23⤵
        
        PID:7792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        25⤵
        
        PID:12036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        24⤵
        
        PID:15520
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        25⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        25⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        26⤵
        
        PID:7048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        27⤵
        
        PID:10644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        24⤵
        
        PID:15992
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        25⤵
        
        PID:2020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:12208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:11644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        16⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        17⤵
        
        PID:9228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:10656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:12240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        19⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        20⤵
        
        PID:9912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:9080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        20⤵
        
        PID:14228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:14620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        18⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        19⤵
        
        PID:2020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        18⤵
        
        PID:7864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        18⤵
        
        PID:7272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:9324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        16⤵
        
        PID:10032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:10896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        15⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        16⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        17⤵
        
        PID:14112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:4184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:10516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:3964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:2552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:7712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:13096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        22⤵
        
        PID:12152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:11372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        19⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        20⤵
        
        PID:12204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:9592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:11640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        19⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        20⤵
        
        PID:10872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        23⤵
        
        PID:8444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:8004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:7136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:13124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:12904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:8164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:12428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        16⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        17⤵
        
        PID:9612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:15356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:11468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        19⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        20⤵
        
        PID:8056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:7968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:2880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:16248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:10344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        20⤵
        
        PID:15724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:9564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:5868
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        22⤵
        
        PID:7564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:14164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        23⤵
        
        PID:2592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:3696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        18⤵
        
        PID:7648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:10220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        18⤵
        
        PID:15380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        18⤵
        
        PID:15384
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "netsh advfirewall set allprofiles state off"
        19⤵
        
        PID:2132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        18⤵
        
        PID:1072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        16⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        17⤵
        
        PID:11840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        16⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        17⤵
        
        PID:13496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:16096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:13472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:11456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        13⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        14⤵
        
        PID:8768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        16⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        17⤵
        
        PID:12448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:14260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:7476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:9696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:11616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:12472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:3784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:12032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        16⤵
        
        PID:14740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:15788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:9364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        12⤵
        
        PID:8680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:11864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        12⤵
        
        PID:12512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        12⤵
        
        PID:12548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        11⤵
        
        PID:4540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:5308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:7948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:16264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        20⤵
        
        PID:15940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:11680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:9740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:16272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:15676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        20⤵
        
        PID:6508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        23⤵
        
        PID:10976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        22⤵
        
        PID:2616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:14068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:7260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        22⤵
        
        PID:7604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:8332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:12024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        18⤵
        
        PID:9568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        19⤵
        
        PID:11112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        18⤵
        
        PID:9164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        18⤵
        
        PID:14612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        18⤵
        
        PID:2188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:7544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:10152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:9180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:11876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:10040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:14000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:8424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:15672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:15976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:13112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:14436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        16⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        17⤵
        
        PID:12868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:14764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:15912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:6840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        15⤵
        
        PID:3540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        11⤵
        
        PID:7288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:8320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:7644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        13⤵
        
        PID:15168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:14268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:7284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:5480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:15496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:12336
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        16⤵
        
        PID:10276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:8440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:16348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:6928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:11136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:11596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:8728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:10596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        12⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        13⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        14⤵
        
        PID:2888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:7852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        12⤵
        
        PID:7100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        12⤵
        
        PID:9364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        12⤵
        
        PID:13420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /im firefox.exe /t /f >nul 2>&1"
        12⤵
        
        PID:13696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName"
        12⤵
        
        PID:16060
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName
        13⤵
        
        PID:6072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:7996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:6448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        9⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        10⤵
        
        PID:12676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:5100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        9⤵
        
        PID:12680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        9⤵
        
        PID:11608
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:4996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:5924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:6460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:6528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        19⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        20⤵
        
        PID:8676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:6060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:9672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:8228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:8976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:12648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:5528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        18⤵
        
        PID:9244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        18⤵
        
        PID:11784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        19⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        20⤵
        
        PID:8804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:3640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        21⤵
        
        PID:13132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        21⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        22⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        23⤵
        
        PID:13444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        24⤵
        
        PID:6320
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        25⤵
        
        PID:10704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        24⤵
        
        PID:3784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        24⤵
        
        PID:15592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        21⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        22⤵
        
        PID:11608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:8376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:8428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:11924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        11⤵
        
        PID:7196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:7920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        10⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        11⤵
        
        PID:16364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:7984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:9044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:5932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:14600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:14752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        12⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        13⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        14⤵
        
        PID:13260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:16312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:7028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        10⤵
        
        PID:8676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:12704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        9⤵
        
        PID:12440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:10608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        9⤵
        
        PID:12216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        9⤵
        
        PID:6232
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "netsh advfirewall set allprofiles state off"
        10⤵
        
        PID:16112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        8⤵
        
        PID:6960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:7760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:10704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        14⤵
        
        PID:5880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:8380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        18⤵
        
        PID:13528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        16⤵
        
        PID:10940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        16⤵
        
        PID:14132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:8588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:5212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:12084
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        13⤵
        
        PID:8780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:9116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:10736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:1336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        10⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        11⤵
        
        PID:15844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:6268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:12340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:15936
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        13⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        13⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        14⤵
        
        PID:14424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:7116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:15584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:14880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:8396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:8428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        9⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        10⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        11⤵
        
        PID:12824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:7672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:12324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:7788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:7328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:8808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:6552
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        13⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        13⤵
        
        PID:9340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        12⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        13⤵
        
        PID:8036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:15016
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        13⤵
        
        PID:14600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        12⤵
        
        PID:7396
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        13⤵
        
        PID:14068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        12⤵
        
        PID:16116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        12⤵
        
        PID:14032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:14360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        9⤵
        
        PID:12696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        9⤵
        
        PID:14220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        9⤵
        
        PID:2692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2> nul
        9⤵
        
        PID:7508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /im firefox.exe /t /f >nul 2>&1"
        9⤵
        
        PID:14324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName"
        9⤵
        
        PID:15036
        
        C:\Windows\System32\Wbem\wmic.exe
        
        wmic qfe get
        9⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:11916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -Name BackupProductKeyDefaul"
        9⤵
        
        PID:14892
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        8⤵
        
        PID:6860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:13928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:12840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        10⤵
        
        PID:14120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:8292
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        8⤵
        
        PID:12652
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        6⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        8⤵
        
        PID:10632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:14412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:9664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:9568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:12160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:7576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:1260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:12268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        10⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        11⤵
        
        PID:8348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:8016
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:2228
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        6⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        8⤵
        
        PID:10752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        6⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        8⤵
        
        PID:12828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:14796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:8432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:10100
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
        6⤵
        
        PID:11044
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
        6⤵
        
        PID:11052
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "netsh advfirewall set allprofiles state off"
        7⤵
        
        PID:4940
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        6⤵
        
        PID:11164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
      C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        8⤵
        
        PID:2888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:4800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:6396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        15⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        16⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        17⤵
        
        PID:14504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        15⤵
        
        PID:10384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        15⤵
        
        PID:11472
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        16⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        16⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        17⤵
        
        PID:14452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:7724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        13⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        14⤵
        
        PID:6656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:9884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        13⤵
        
        PID:15196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        12⤵
        
        PID:11416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        10⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        11⤵
        
        PID:9000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        12⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        13⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        14⤵
        
        PID:15868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        12⤵
        
        PID:10640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        11⤵
        
        PID:14304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:10880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:7192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:11912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        9⤵
        
        PID:11992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:10720
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        8⤵
        
        PID:7024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:6616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        10⤵
        
        PID:9172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:12360
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        8⤵
        
        PID:11588
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:7564
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        7⤵
        
        PID:3808
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        6⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        7⤵
        
        PID:9120
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
        6⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        8⤵
        
        PID:10032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
        6⤵
        
        PID:12048
        
        C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
        7⤵
        
        PID:2880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
    3⤵
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
      C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        5⤵
        
        PID:5196
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        8⤵
        
        PID:1548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:15220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:10324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:12176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:10732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:14584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        9⤵
        
        PID:7984
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        
        PID:7592
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        6⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
        8⤵
        
        PID:16304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:10276
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:15196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        9⤵
        
        PID:16116
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        7⤵
        
        PID:11456
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        7⤵
        
        PID:10324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
    3⤵
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
      C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        5⤵
        
        PID:5904
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        8⤵
        
        PID:9276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        9⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        10⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        11⤵
        
        PID:7004
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        7⤵
        
        PID:12668
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
        6⤵
        
        PID:9992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests
        8⤵
        
        PID:2008
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
        6⤵
        
        PID:10520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex"
    3⤵
    PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
      C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
      4⤵
      PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodomex
        5⤵
        
        PID:9360
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:9460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
    3⤵
    PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
      C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome
      4⤵
      PID:12192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet"
    3⤵
    PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
      "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
      4⤵
      PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\NitroGen.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe" -m pip install pycryptodomex --quiet
        5⤵
        
        PID:12052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install requests"
        6⤵
        
        PID:14904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\NitroGen.exe -m pip install pycryptodome "
    3⤵
    PID:6420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe -RemoveDefinitions -All"
    3⤵
    PID:7464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell "netsh advfirewall set allprofiles state off" "
    3⤵
    PID:9848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
    3⤵
    PID:10720

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 816 -p 12356 -ip 12356
1⤵
PID:7592

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 1292 -p 5884 -ip 5884
1⤵
PID:9484

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 1396 -p 9812 -ip 9812
1⤵
PID:6448

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 8568 -ip 8568
1⤵
PID:8668

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7280 -s 392
1⤵
PID:1336

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 12928 -s 16
1⤵
PID:7024

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 1168 -p 12748 -ip 12748
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16762\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\VCRUNTIME140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\_bz2.pyd

Filesize
81KB

MD5
bbe89cf70b64f38c67b7bf23c0ea8a48

SHA1
44577016e9c7b463a79b966b67c3ecc868957470

SHA256
775fbc6e9a4c7e9710205157350f3d6141b5a9e8f44cb07b3eac38f2789c8723

SHA512
3ee72ba60541116bbca1a62db64074276d40ad8ed7d0ca199a9c51d65c3f0762a8ef6d0e1e9ebf04bf4efe1347f120e4bc3d502dd288339b4df646a59aad0ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\_ctypes.pyd

Filesize
119KB

MD5
ca4cef051737b0e4e56b7d597238df94

SHA1
583df3f7ecade0252fdff608eb969439956f5c4a

SHA256
e60a2b100c4fa50b0b144cf825fe3cde21a8b7b60b92bfc326cb39573ce96b2b

SHA512
17103d6b5fa84156055e60f9e5756ffc31584cdb6274c686a136291c58ba0be00238d501f8acc1f1ca7e1a1fadcb0c7fefddcb98cedb9dd04325314f7e905df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\_lzma.pyd

Filesize
153KB

MD5
0a94c9f3d7728cf96326db3ab3646d40

SHA1
8081df1dca4a8520604e134672c4be79eb202d14

SHA256
0a70e8546fa6038029f2a3764e721ceebea415818e5f0df6b90d6a40788c3b31

SHA512
6f047f3bdaead121018623f52a35f7e8b38c58d3a9cb672e8056a5274d02395188975de08cabae948e2cc2c1ca01c74ca7bc1b82e2c23d652e952f3745491087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\_queue.pyd

Filesize
29KB

MD5
52d0a6009d3de40f4fa6ec61db98c45c

SHA1
5083a2aff5bcce07c80409646347c63d2a87bd25

SHA256
007bcf19d9b036a7e73f5ef31f39bfb1910f72c9c10e4a1b0658352cfe7a8b75

SHA512
cd552a38efaa8720a342b60318f62320ce20c03871d2e50d3fa3a9a730b84dacdbb8eb4d0ab7a1c8a97215b537826c8dc532c9a55213bcd0c1d13d7d8a9ad824

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\_socket.pyd

Filesize
75KB

MD5
0f5e64e33f4d328ef11357635707d154

SHA1
8b6dcb4b9952b362f739a3f16ae96c44bea94a0e

SHA256
8af6d70d44bb9398733f88bcfb6d2085dd1a193cd00e52120b96a651f6e35ebe

SHA512
4be9febb583364da75b6fb3a43a8b50ee29ca8fc1dda35b96c0fcc493342372f69b4f27f2604888bca099c8d00f38a16f4c9463c16eff098227d812c29563643

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\_sqlite3.pyd

Filesize
95KB

MD5
9f38f603bd8f7559609c4ffa47f23c86

SHA1
8b0136fc2506c1ccef2009db663e4e7006e23c92

SHA256
28090432a18b59eb8cbe8fdcf11a277420b404007f31ca571321488a43b96319

SHA512
273a19f2f609bede9634dae7c47d7b28d369c88420b2b62d42858b1268d6c19b450d83877d2dba241e52755a3f67a87f63fea8e5754831c86d16e2a8f214ad72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\base_library.zip

Filesize
812KB

MD5
fbd6be906ac7cd45f1d98f5cb05f8275

SHA1
5d563877a549f493da805b4d049641604a6a0408

SHA256
ae35709e6b8538827e3999e61a0345680c5167962296ac7bef62d6b813227fb0

SHA512
1547b02875f3e547c4f5e15c964719c93d7088c7f4fd044f6561bebd29658a54ef044211f9d5cfb4570ca49ed0f17b08011d27fe85914e8c3ea12024c8071e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\pyexpat.pyd

Filesize
193KB

MD5
43e5a1470c298ba773ac9fcf5d99e8f9

SHA1
06db03daf3194c9e492b2f406b38ed33a8c87ab3

SHA256
56984d43be27422d31d8ece87d0abda2c0662ea2ff22af755e49e3462a5f8b65

SHA512
a5a1ebb34091ea17c8f0e7748004558d13807fdc16529bc6f8f6c6a3a586ee997bf72333590dc451d78d9812ef8adfa7deabab6c614fce537f56fa38ce669cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\python3.DLL

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\pythoncom310.dll

Filesize
653KB

MD5
65dd753f51cd492211986e7b700983ef

SHA1
f5b469ec29a4be76bc479b2219202f7d25a261e2

SHA256
c3b33ba6c4f646151aed4172562309d9f44a83858ddfd84b2d894a8b7da72b1e

SHA512
8bd505e504110e40fa4973feff2fae17edc310a1ce1dc78b6af7972efdd93348087e6f16296bfd57abfdbbe49af769178f063bb0aa1dee661c08659f47a6216d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\pywintypes310.dll

Filesize
131KB

MD5
ceb06a956b276cea73098d145fa64712

SHA1
6f0ba21f0325acc7cf6bf9f099d9a86470a786bf

SHA256
c8ec6429d243aef1f78969863be23d59273fa6303760a173ab36ab71d5676005

SHA512
05bab4a293e4c7efa85fa2491c32f299afd46fdb079dcb7ee2cc4c31024e01286daaf4aead5082fc1fd0d4169b2d1be589d1670fcf875b06c6f15f634e0c6f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\select.pyd

Filesize
28KB

MD5
c119811a40667dca93dfe6faa418f47a

SHA1
113e792b7dcec4366fc273e80b1fc404c309074c

SHA256
8f27cd8c5071cb740a2191b3c599e99595b121f461988166f07d9f841e7116b7

SHA512
107257dbd8cf2607e4a1c7bef928a6f61ebdfc21be1c4bdc3a649567e067e9bb7ea40c0ac8844d2cedd08682447b963148b52f85adb1837f243df57af94c04b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\sqlite3.dll

Filesize
1.4MB

MD5
aaf9fd98bc2161ad7dff996450173a3b

SHA1
ab634c09b60aa18ea165084a042d917b65d1fe85

SHA256
f1e8b6c4d61ac6a320fa2566da9391fbfd65a5ac34ac2e2013bc37c8b7b41592

SHA512
597ffe3c2f0966ab94fbb7ecac27160c691f4a07332311f6a9baf8dec8b16fb16ec64df734c3bdbabf2c0328699e234d14f1b8bd5ac951782d35ea0c78899e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16762\win32api.pyd

Filesize
130KB

MD5
00e5da545c6a4979a6577f8f091e85e1

SHA1
a31a2c85e272234584dacf36f405d102d9c43c05

SHA256
ac483d60a565cc9cbf91a6f37ea516b2162a45d255888d50fbbb7e5ff12086ee

SHA512
9e4f834f56007f84e8b4ec1c16fb916e68c3baadab1a3f6b82faf5360c57697dc69be86f3c2ea6e30f95e7c32413babbe5d29422d559c99e6cf4242357a85f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\altgraph-0.17.4.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_ARC4.pyd

Filesize
11KB

MD5
aba0195eb33d86216170dcff947debdb

SHA1
acbe4dc26ad65de51385cd95128491c64def9502

SHA256
1f588a0d71c5378987fe05224493d85e93d02a52ce0b05809a06fc2bd489c325

SHA512
8e4c7e02e55c7a64f81a2256a0b926a8cad676571b6f822f7fdfda5e4cc3ebf2a3ee45188ba2d2d639977cd4dcdbd737ca33de7e838f3cd0b17c948af6b65280

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_Salsa20.pyd

Filesize
13KB

MD5
5b855b3e838d9c7faad4bd736cf56d59

SHA1
ad51237a6e2d1beefddabfc8bd8ac0e205ed735f

SHA256
7d1b252adc643deeb896430b58cf457436152351eb7fa043b4b24736c9edf864

SHA512
180207b3bd88976240eccf39f2f174af0d13feefd9b22b92363c0d947e8bd5b1523417a73d4b5aaf9252a59162e34e2f5df76c837cbd1b458d1830f4d4c70918

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_chacha20.pyd

Filesize
13KB

MD5
5298ca8a45bb3add1a03ec4cf8a46072

SHA1
ce7984facb2de472e247e4bba042feb406e1abe1

SHA256
d70795d5b6103ac1d81794d209085c573e4554a312ccd762cc5767ac98e5965c

SHA512
b319464e07f3148f2079e22db5b13ca08ccfe1986cd26a066b07147d6bf28e8b5d764c80aa22a33a5dfd7c9bc66fe39cbc4fc800e7ff6e13f0de8856760a7242

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_pkcs1_decode.pyd

Filesize
12KB

MD5
68fd499c14cdda49c5460e377410c30e

SHA1
16cd9c10c564f4fb16ceee33da21bd4d4eb367b9

SHA256
48958204c0cc8412758c33fb4a970c87a83be5a8a889959fe8831793d8102e06

SHA512
a9b529560abdef38110a2147ef3e7924ea43a75d946d95ceb745015b690811aa2509f387d7868f1c9c6be526e2e32a764fe84c062cad315feee344f38d9819f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_aes.pyd

Filesize
35KB

MD5
3bd3af4c84932cd1ab5a8084040a76f6

SHA1
fd0429540688a8b2f6812c6347946910c6e8765d

SHA256
437e89fd3dd47f5deb6165f4f2a7f228cd415fb7f3d5df5c1cb16a90044008ce

SHA512
01dc0ddd1859e67a3c7b6ea92121cf1dbc2b8e440f9ecc5f182caac576feea57637d8437314058bce7de65dd2bff70411a667caa042fa51f8630b641e33e9c81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_aesni.pyd

Filesize
15KB

MD5
0ba521ebcf0851b1283dc25766490460

SHA1
84c7f4e5cda3f41461e95a11c35f438c10961efc

SHA256
782cb833fa04dafa51bf1cb8cc811d71c9c6598208eed046ef5d8294e3651818

SHA512
e02760f673bcbfeaab3aad86ad355070f80e573a68fbce4deb46ab5873a80d0b8b6744753f44437220e85d4d8e8d65d214780bf4ef5883ac92d05ecbcfd6da96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_arc2.pyd

Filesize
16KB

MD5
75a2d9a48df773694e82534635be7b9c

SHA1
4dc026b68cf697e8c5803775a5a9dad656f8b247

SHA256
b8d36c0ed8c994ed11f36b2abc7d3c5116c215719bdc19c9596bb9e3fb811a4b

SHA512
6221071ee7d441ffd83229b106b448def0e59354f17b16048d5c169583312ade5534175f6d8a02c0827d68682c4343c27e3f002e5fc126c5f2300e0ec00ee18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_blowfish.pyd

Filesize
20KB

MD5
aaf446aaf23c92fad7d41b82daa6f03c

SHA1
61914be2abde68d24919e5f9124256efb3a35b97

SHA256
0432e9cf535c5c50dfa6776777ba89a2076bbf2dc6db0efa6c84483f501b00e3

SHA512
b95e6fa8b5caf3085eed7e654b52ab2c734c9976223f0f8f8801ce98dd2531a4019b9879ffd468130bfbbed931b26c9148f3a9b91c8f4353b3492280e693bed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_cast.pyd

Filesize
24KB

MD5
07d25b197c0e35bfd3c96550c5c64a6d

SHA1
51b7d8d18ef6d67830f58124b0c5b685a34a067b

SHA256
feffaed6dbf10d4359de74f6da88c03c6a6b50d1568c5330343927e7797e3ec1

SHA512
1fb783ff9b10cd5ef02c2e00ba5594561ae6cd5f2dbe0d87d746a3e257579b7ec4644d44456f6d6119b2d3af90613f5ac8caa9d34a1d8b78550c532fcb78722d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
a1b78a3ce3165e90957880b8724d944f

SHA1
a69f63cc211e671a08daad7a66ed0b05f8736cc7

SHA256
84e071321e378054b6d3b56bbd66699e36554f637a44728b38b96a31199dfa69

SHA512
15847386652cbee378d0ff6aad0a3fe0d0c6c7f1939f764f86c665f3493b4bccaf98d7a29259e94ed197285d9365b9d6e697b010aff3370cf857b8cb4106d7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_cfb.pyd

Filesize
13KB

MD5
0dca79c062f2f800132cf1748a8e147f

SHA1
91f525b8ca0c0db245c4d3fa4073541826e8fb89

SHA256
2a63e504c8aa4d291bbd8108f26eecde3dcd9bfba579ae80b777ff6dfec5e922

SHA512
a820299fba1d0952a00db78b92fb7d68d77c427418388cc67e3a37dc87b1895d9ae416cac32b859d11d21a07a8f4cef3bd26ebb06cc39f04ad5e60f8692c659b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_ctr.pyd

Filesize
14KB

MD5
785f15dc9e505ed828356d978009ecce

SHA1
830e683b0e539309ecf0f1ed2c7f73dda2011563

SHA256
b2b68de1d7e5997eb0c8a44c9f2eb958de39b53db8d77a51a84f1d1b197b58b1

SHA512
16033b72be6d66ab3a44b0480eb245d853a100d13a1e820eff5b12ce0bb73e17d6e48b3e778d1b20d0c04fe1fb8a5723c02ed8af434ae64d0944f847796d98f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_des.pyd

Filesize
56KB

MD5
b9500783d7451e625999bfe450c7d02f

SHA1
ba22cdfd949089d7bdc9397af35a45a2010736c4

SHA256
67da8e4b89954e385d282096f05867047a9edf6434d2c148dd384aeea782b19a

SHA512
0069fa0e96331f9e25f0c191eec482a734dfa66403cb3544f401455a3b1e9b0e9b5d0ceef91f3b62ca867b52faf83c98f5bb362f052e5f1111a156bcbd7a3761

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_des3.pyd

Filesize
57KB

MD5
ddbe90ede6a159167987500e1f1fa56f

SHA1
f4402803bc23288c7a790a8f1e9edd6633e54203

SHA256
77b8c96a7880961397d8b201f26d5c1608114fddf9012614378472615d9f8cce

SHA512
b8e61748f6a07a8fcbee2cc46410071e878e35d4058b4fa771cebcb3dc24a65961487227ca4c1a2ffa14713d8a03ceeb4f40949125e2977a7b0739889accb56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
aec314222600ade3d96b6dc33af380a6

SHA1
c6af3edadb09ea3a56048b57237c0a2dca33bee1

SHA256
ea96505b38d27c085544fb129f2b0e00df5020d323d7853e6a6a8645ac785304

SHA512
bbc00aa7fdf178bb6b2d86419c31967f2bc32d157aa7ee3ac308c28d8bf4823c1fafcde6c91651edc05c146e44d7e59e02a76283890652b27c52f509c3b9ef9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_eksblowfish.pyd

Filesize
21KB

MD5
41a89191b9b8e07ed9c547ac438db4a3

SHA1
219ea040034c8cbb62cd89adb6e10dd048c31778

SHA256
5e07e02f8e4de54771a3d2d4f827eec344a0d9c9bd92d12cb3d675985a43eef5

SHA512
cbfd168eeb79e95587e90e1852fe9a8125afe71eea5590fdf3fe4e7850b9253384d96e2babe4b6cb2e1ae6d67e5dabbf7542f7c5d8366b86d202c0a75c4e8c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_ocb.pyd

Filesize
17KB

MD5
759aa7ff756f6eb615ab4890dedd113d

SHA1
3f6ab4e9a4a6a75e7b5d356582a81afda9ba635f

SHA256
242b35bf5918bd1cba69feaad47cbb50431d750edca6033875983e5fd4d9499c

SHA512
1fc3feac358b93cc2f6c4825cb150787f1ded00ae616b5b3fa26ebb1b43fec6c2af04436e021a1b0c2e219ab2203108d7447cdfef3d48d710bac18586a107e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Cipher\_raw_ofb.pyd

Filesize
12KB

MD5
4ed6d4b1b100384d13f25dfa3737fb78

SHA1
852a2f76c853db02e65512af35f5b4b4a2346abd

SHA256
084e4b2da2180ad2a2e96e8804a6f2fc37bce6349eb8a5f6b182116b4d04bd82

SHA512
276201a9bcb9f88f4bbac0cd9e3ea2da83e0fb4854b1a0dd63cff2af08af3883be34af6f06ece32fad2fd4271a0a09a3b576f1ed78b8a227d13c04a07eaf0827

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_BLAKE2b.pyd

Filesize
14KB

MD5
9f3270860b5081bf0c760dfe2a3c9b56

SHA1
828e5df0e0c32117b16ea2f191045343c03189af

SHA256
a5bbe28a102960ab0bfe5aef5344ccebed680996d97e984a28fec30a0378a4ec

SHA512
78d68ad257309a48e8dbd7bd8732290b0f8fa26ff382708586045e9f68650453963f2c11bcef13247a9ff08eb7a6079f6b78c5d85e5c329e2e1687b53bc63123

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_BLAKE2s.pyd

Filesize
14KB

MD5
c482fe81df435cddef783ab0d8ad78b6

SHA1
25e0e650f9135110234091d5263be1721b8fe719

SHA256
55e20e1effe80f0d6655d690fa445659e0c692b800c4a01ecf3d43dfcb3324b2

SHA512
ef5a965b8505944e6b37581763cd9d525bbf1b877bfed319535aab675d0382b8655cd6a4f2832f608c1d89cfd0dae6005deda73a86b9d2d6e874953788ee0d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_MD2.pyd

Filesize
14KB

MD5
68ae8ef3b0499a0eae6d9dcf6cc3fce7

SHA1
0349823078dd6ecdd2a5f3d0d12ecfdeff262b9e

SHA256
c10ef2c6105f06be03bee0aa14c54459a16eb7273167f2fc72d01472aed5fd6d

SHA512
053dc5a5d7cb6e456dda60fc50c916f58bb026f46ce4d5c1169169e69254f6607914b78af448228b86c18766ec9b42a1ba521836c6ace2e58d8bfbcf55173bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_MD4.pyd

Filesize
13KB

MD5
b3951783eba6d4fab923c72f3a2c878a

SHA1
6e039bb7f85f143149bf60140bb4e061dcf3576b

SHA256
5d3c09ad192b426667ed9f4fe6fc44114f5c6d883c2d2c45740c2a10085a877d

SHA512
29a45e6b3a3179793ea105698e26bee1a58573ff89b231e3f1feb371f5df31458a9dda8d9408ea9144f68048a66e30899ec70283abead810cb52e52800333d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_MD5.pyd

Filesize
15KB

MD5
9de2cfd4fe88f9e8e3820ce931fc1129

SHA1
c2ea2284200ebbdc1179f36e8fa79f9ed0b27e80

SHA256
49e10215e1d6966b03470af10e7d3b8bd5b5d6707a258c3b1286ff002145e3d1

SHA512
c6d0e43df0e8f8e665bb1a78005a04f673e6b5211db0a0f1d640088782d736838944f0612a59a3c0cb930631108b93fd8c2d51bf191a81a06fb6d5a3388cff06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_RIPEMD160.pyd

Filesize
13KB

MD5
90d1b3f8a9d7bd9a983f20e6d3717fe3

SHA1
e4c8804dd675336fcaf3347581c57552091f5542

SHA256
96c6205a2771f96971415be26ed78fa60a863cca7305aa0abf5e53ef9278adb4

SHA512
f3b6eafbc235b0431ad03b7b296402f7dc40e4cf65b12c7c2d9b5d22a1dc5f1ac3f5be9e4e56bd0195201cd5b1f851f3dde4fe14f9778c49fa34786299d2eaf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_SHA1.pyd

Filesize
17KB

MD5
67e8ab67b5db0a50af2aedea886eb362

SHA1
a7d071a3be454b78a0a0bb100e5d9859c12f98e6

SHA256
044b09a6351db40fe1f242c70942d865ce4cd42a12f24e358f84ae790677d92d

SHA512
b2e41422b6642e000d9220a1cf4188b1845a8cf9498338d66ca0dcc0724540694719a4d3eda017ca6f2f77c3d6a6c427c6c86db3910c686cecb58a40c5239e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_SHA224.pyd

Filesize
21KB

MD5
9f6ea560abd556e1e372137beafd630c

SHA1
e8fbc6aaefa6a28957486ee024b45c8548efefb4

SHA256
282b357a06dc7d903b47a26535dca2d5561007df3fd2cfe6a1d984e0e9af991e

SHA512
869716ab2501012d1236be7cdeded16a62031a409a8fe630d0f7817c1341321205f5b5a1bbb389fec4661b6bb061552c464895efcc7e01403bd0fcced40557f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_SHA256.pyd

Filesize
21KB

MD5
7a573f50bd6942e9bb68307e5b6a0bff

SHA1
7e0e435c8589ec3cecfe6354ae9e5ae868b9b209

SHA256
c6cd3f23d027febdf48161d3b74edb6c9d4d1bde23f775990f49572d8eb9dfb9

SHA512
9ecd754b99e020a169366cb8c99816070221c4db2c1ef8c23b6dac765e6bb56ea3abbe969025aecede8eb6c3ea8c626562f2cda3c4ea537c5db1a841f19c2ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_SHA384.pyd

Filesize
26KB

MD5
fc70e2af29a514ce21deb91fa2f21b53

SHA1
6ed627dd441483acb43085273fb69d787eb21a2e

SHA256
bb0a16a2528a32e933ebe0b3a6ef85693d9d2993880675190633b87dd70b219d

SHA512
e1217276b9e7d57eef9854150e27e0d196ceb9125938bbd0376c7af48303b3e3f98c41e65a398ff06dc413266208cc6707dbebd2c6415281b2f6771f9914f627

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_SHA512.pyd

Filesize
26KB

MD5
51531f4c138871da66e26ad05176a7f7

SHA1
73f239ab5fda66124440fcdadb25089f7db53747

SHA256
ee0e755ebeb1650dda116ea9ce1a173dd484070377340d277fe0ffc5a02b1838

SHA512
888008dd7cea947c9b7506b9b4608a0e65d5886658a95fd5895eaeefdf27e55c957fe750e6ec17e4e39fe2786aa2c4bb99b899cb8c1567ab3bb64c07923853cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_ghash_clmul.pyd

Filesize
12KB

MD5
88e3148d1eb84022e508736d0d488185

SHA1
4d1d3251cc5e61c7fcf5dc6273e3d7ba301d6ca9

SHA256
ba4c1492bb4884f3d77f61a7d23ec9e190eb7da3a115a271d0954d933264fb71

SHA512
25a86c56b84275c2314ad1fd98635b43373977dfc6f2f6737f22b1962a3bb5480539a35db9fbb70fca16f5acb5f19bab63e1cada776d1667d07332322f641a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_ghash_portable.pyd

Filesize
13KB

MD5
1a3a27f63afeb42c0282eada02ac834a

SHA1
fadda44628aef3ec70cc02fc0e43a88c7832f7bc

SHA256
e7a7ab2d31aee3b99773c814114d60eb71107ef862930c582f99313943249163

SHA512
0d6d397f87cc5a8a83f1df20687c967df4faf80cf0807ae2b06969e16c107f18a5d39ce34c32c42a53d1726a50860c180266ecad81b4235f041920f496b25fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_keccak.pyd

Filesize
15KB

MD5
3cfa49a173b55891d855bf6d4feb56c2

SHA1
2ac09a5f0082b40b4dd801d436de0391c76a5e6e

SHA256
0fab7df1e54416434f670ef97ed474fa11c09aa30bed1a8575a09e26db6df63c

SHA512
ad4b300c8f561a6068946590d53551c93d99d5a728ed87d142b4186ca65c28fe793d343bc09804ab9aea2b8faa263f06073be4231d610390efd65472c5e7aac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Hash\_poly1305.pyd

Filesize
15KB

MD5
eca16bb6ef78adf91705acd412ce4f49

SHA1
c1ffa8fd2a8898ccf4c923b54c015314dc76b333

SHA256
3a22c6e97ad47a8fa33e9b28455ce3e6d72008a9a1800f6489ff5af752c37f18

SHA512
dac721445e07944266bbfa4e6ae4cb5018fd2e042455d5fa545fa93cb009f3e539bb88fc2fa4ceb758c2aabca67fccd2043368f0d9b5b83ebef35346f9eb7562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Math\_modexp.pyd

Filesize
35KB

MD5
beec00f147b53ef8033eb5df8821aef0

SHA1
ff0f5f7c8f168986580c9ffe3b256c966bb0c820

SHA256
404edf6130c709a88b7387f51b6d746bed96230e6c0e670641afca799279b504

SHA512
678c1e64a7632d8b2628c30578da227fafc4d8ae14e020c183fa4ad3b99e2ad45dd695341e7b3196b6e199e68fa5edabb651757df34c395a63db548d770da649

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Protocol\_scrypt.pyd

Filesize
12KB

MD5
dd7d22a0afe540c07ce9d919cd779203

SHA1
0e76db96ec2d9922937a77abedb7e61037cc8cb9

SHA256
880a4418d81c4da0d588c0cfd7c68d8c5476385d9203a2d6ded25a0f7b330a76

SHA512
bd720cf67e264040f8076edbb72843305094f1d87bd03a1e9fbeb47564f3963120d76bad6887fea560b45958f2ffa929a7d63ea1ec9b633da23784d98a68c32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\PublicKey\_ec_ws.pyd

Filesize
737KB

MD5
62a32904910d5550f21c4c4d08993abe

SHA1
834fb3919e49439353b62a8b7456e6e5e879efe0

SHA256
3ee17f4004b4ea1db4d85db545223aadd6fdd635df6120a354f6dc605f848b76

SHA512
7d45ad10623f297485789db5bfc153fc8dbc5db0f1e60d2b244b8b02dace9a5dd9f947c6ebd7e67739ddcb25569f056fbb131afb55e817ea6f29112c122fba1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\PublicKey\_ed25519.pyd

Filesize
27KB

MD5
9e8c8445a0afce8fb90f09393d8632a7

SHA1
f71d027b4064c60bcd6a997e770fba9f157c907c

SHA256
401915cd7832f79187dbe9c1837ef3d2f1c5f274552500a7610453537c3865f5

SHA512
e8e7836f1fb28964c1f921ef3ffe42cf43614f52e74bb88458673f216340322b591916fa7fb1e36270ca959a9faa18aa70c42d5f72b1015bea8f9198c30bd36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\PublicKey\_ed448.pyd

Filesize
66KB

MD5
6e8f6149b570fd60969fb9183ba87ceb

SHA1
f7efa3b00072b00847e63061fe16d9722874dc62

SHA256
7c212e351bb27b6e88c9fcca8315405ee6e3098e88ffb31a2706950e537ca52c

SHA512
df74418ff014ac96cc8c78f964536992e18129b19f17d1ebf4bdda0e30d168f5f6628d28a0da1a63f89eefd1a9bf332360317fe2cf50636834ad1124420f05da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\PublicKey\_x25519.pyd

Filesize
10KB

MD5
f1a2e905085675fc72de2ba11bf43370

SHA1
6ba1331feed29af133e9fbda5781ccec8dc57319

SHA256
faaea0bfc5eafa3ebcd625a4f12ccd260d8af2236d073c86a30c3a1ae38ba141

SHA512
1472363871d5c69a5966e32be8a11c1e3976a5acc3f5ae51945884514ba4e66ff0c36597152e5a349fb16e66aac2d4465c1f58ee1322d0712f7af63875115afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Util\_cpuid_c.pyd

Filesize
10KB

MD5
a9b7c866c5a18cc96570cca3be6a2433

SHA1
4f78c7516e512529b977048bc87ed3a95383b44e

SHA256
72998624c023b21f21e449f3268b7e839b248ba55440087cb6b421ed65f9a1b5

SHA512
ec890e84384c7b1804ce73b097ef068bada15adb5f76e1e9b2bcc54cde910165a9729f40a1ac18d196ddd3ee4ee60a0cfaa6d56daafcad10630ad2658faf485b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\Crypto\Util\_strxor.pyd

Filesize
10KB

MD5
5738d83e2a66b6ace4f631a9255f81d9

SHA1
5b6ebb0b82738781732cf7cfd497f5aeb3453de2

SHA256
f2718adadb6e9958081dcb5570ef737c66772c166a6ad8c0401adcd9a70f46a0

SHA512
bb21b62fd7fee22dfa04274d0fa1aec666c7845cd2ec3f01f1a0418a2c68f228ec0ae451c793ccae3aa88f1efee5d6019138c0975497518f990b8511b2fd0e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\_cffi_backend.cp310-win_amd64.pyd

Filesize
177KB

MD5
ebb660902937073ec9695ce08900b13d

SHA1
881537acead160e63fe6ba8f2316a2fbbb5cb311

SHA256
52e5a0c3ca9b0d4fc67243bd8492f5c305ff1653e8d956a2a3d9d36af0a3e4fd

SHA512
19d5000ef6e473d2f533603afe8d50891f81422c59ae03bead580412ec756723dc3379310e20cd0c39e9683ce7c5204791012e1b6b73996ea5cb59e8d371de24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\_decimal.pyd

Filesize
242KB

MD5
6339fa92584252c3b24e4cce9d73ef50

SHA1
dccda9b641125b16e56c5b1530f3d04e302325cd

SHA256
4ae6f6fb3992bb878416211221b3d62515e994d78f72eab51e0126ca26d0ee96

SHA512
428b62591d4eba3a4e12f7088c990c48e30b6423019bebf8ede3636f6708e1f4151f46d442516d2f96453694ebeef78618c0c8a72e234f679c6e4d52bebc1b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\_hashlib.pyd

Filesize
60KB

MD5
d856a545a960bf2dca1e2d9be32e5369

SHA1
67a15ecf763cdc2c2aa458a521db8a48d816d91e

SHA256
cd33f823e608d3bda759ad441f583a20fc0198119b5a62a8964f172559acb7d3

SHA512
34a074025c8b28f54c01a7fd44700fdedb391f55be39d578a003edb90732dec793c2b0d16da3da5cdbd8adbaa7b3b83fc8887872e284800e7a8389345a30a6a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\_multiprocessing.pyd

Filesize
32KB

MD5
62733ce8ae95241bf9ca69f38c977923

SHA1
e5c3f4809e85b331cc8c5ba0ae76979f2dfddf85

SHA256
af84076b03a0eadec2b75d01f06bb3765b35d6f0639fb7c14378736d64e1acaa

SHA512
fdfbf5d74374f25ed5269cdbcdf8e643b31faa9c8205eac4c22671aa5debdce4052f1878f38e7fab43b85a44cb5665e750edce786caba172a2861a5eabfd8d49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\_ssl.pyd

Filesize
155KB

MD5
9ddb64354ef0b91c6999a4b244a0a011

SHA1
86a9dc5ea931638699eb6d8d03355ad7992d2fee

SHA256
e33b7a4aa5cdd5462ee66830636fdd38048575a43d06eb7e2f688358525ddeab

SHA512
4c86478861fa4220680a94699e7d55fbdc90d2785caee10619cecb058f833292ee7c3d6ac2ed1ef34b38fbff628b79d672194a337701727a54bb6bbc5bf9aeca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\_win32sysloader.pyd

Filesize
14KB

MD5
f9c9445be13026f8db777e2bbc26651d

SHA1
e1d58c30e94b00b32ad1e9b806465643f4afe980

SHA256
c953db1f67bbd92114531ff44ee4d76492fdd3cf608da57d5c04e4fe4fdd1b96

SHA512
587d9e8521c246865e16695e372a1675cfbc324e6258dd03479892d3238f634138ebb56985ed34e0c8c964c1ab75313182a4e687b598bb09c07fc143b506e9a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\altgraph-0.17.4.dist-info\LICENSE

Filesize
1002B

MD5
3590eb8d695bdcea3ba57e74adf8a4ed

SHA1
5b3c3863d521cf35e75e36a22e5ec4a80c93c528

SHA256
6c194d6db0c64d45535d10c95142b9b0cda7b7dcc7f1ddee302b3d536f3dbe46

SHA512
405e4f136e282352df9fc60c2ce126e26a344dd63f92aab0e77de60694bd155a13cf41c13e88c00fb95032a90526ad32c9e4b7d53ca352e03c3882ed648821f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\altgraph-0.17.4.dist-info\METADATA

Filesize
7KB

MD5
22177e21cadf554a961f1eb13da4ceaf

SHA1
35610f8c8ae735ac6a03c7556b55170248748d6b

SHA256
691116cb60e4b1dd5554077804932fd0290357120fc9921f03d27664526b1295

SHA512
a213c826d1b84bd7207bb6fa652b2f618d27b05abc9f308086d704fd6a5d4a26be75522786ec77c650ab52d35d2b34a6096bcbd9553d8c7ac1372ee4b59f72b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\altgraph-0.17.4.dist-info\RECORD

Filesize
1KB

MD5
8f6caaf90b4c653279efd81ccffff5e3

SHA1
a95049b0512a670c609d9ff2ad68cbdc62712bca

SHA256
2d8dce3d5542ec6aba57299511ae6bd61ebd4789c52ae67715e219b616cc356c

SHA512
304185ee1a09c94d73c1d2d98fa5694f7be2e5475111ee03c491fac79f3c888d4e63c2d564b7611c339a9589a7b26e4d67e8638a887257edb61864e20958e2b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\altgraph-0.17.4.dist-info\WHEEL

Filesize
110B

MD5
f1effd0b429f462bd08132474a8b4fa6

SHA1
a9d3050af622bda1bd73c00dc377625ff44d2559

SHA256
6bece9151209cceab941fba10736e1880d5e1d3ccd0899fc39d46f85d357d119

SHA512
ef7d53063cfcb54155f4c700c9e99adba9bf6085296b8cf1e3ab86767b7c96d1a4ebf4f6b19d4942da7f6cbc0ac25dfea8eae4ce461b1701cb1acf9b2b68bb6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\altgraph-0.17.4.dist-info\top_level.txt

Filesize
9B

MD5
beb0ca64aa7dd6722f65930793f447d5

SHA1
9bba1bce17fb25bdc9e6aa7ad8077999422efd86

SHA256
1c405e4567f922d54f73b63d856ee11a5acb5d98cfa0be1bcba08084157f0700

SHA512
bc4c40bcc527a9e40a934b6b594278a89625c9142795582c223e227a2d6ecceb3233f10aa790e87d44171207ac0feac09581bd63c71937f97bb8f07e8cc88f30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\altgraph-0.17.4.dist-info\zip-safe

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\certifi\cacert.pem

Filesize
287KB

MD5
2a6bef11d1f4672f86d3321b38f81220

SHA1
b4146c66e7e24312882d33b16b2ee140cb764b0e

SHA256
1605d0d39c5e25d67e7838da6a17dcf2e8c6cfa79030e8fb0318e35f5495493c

SHA512
500dfff929d803b0121796e8c1a30bdfcb149318a4a4de460451e093e4cbd568cd12ab20d0294e0bfa7efbd001de968cca4c61072218441d4fa7fd9edf7236d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
117KB

MD5
494f5b9adc1cfb7fdb919c9b1af346e1

SHA1
4a5fddd47812d19948585390f76d5435c4220e6b

SHA256
ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051

SHA512
2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography-42.0.8.dist-info\LICENSE

Filesize
197B

MD5
8c3617db4fb6fae01f1d253ab91511e4

SHA1
e442040c26cd76d1b946822caf29011a51f75d6d

SHA256
3e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb

SHA512
77a1919e380730bcce5b55d76fbffba2f95874254fad955bd2fe1de7fc0e4e25b5fdaab0feffd6f230fa5dc895f593cf8bfedf8fdc113efbd8e22fadab0b8998

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography-42.0.8.dist-info\LICENSE.APACHE

Filesize
11KB

MD5
4e168cce331e5c827d4c2b68a6200e1b

SHA1
de33ead2bee64352544ce0aa9e410c0c44fdf7d9

SHA256
aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe

SHA512
f451048e81a49fbfa11b49de16ff46c52a8e3042d1bcc3a50aaf7712b097bed9ae9aed9149c21476c2a1e12f1583d4810a6d36569e993fe1ad3879942e5b0d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography-42.0.8.dist-info\LICENSE.BSD

Filesize
1KB

MD5
5ae30ba4123bc4f2fa49aa0b0dce887b

SHA1
ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8

SHA256
602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb

SHA512
ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography-42.0.8.dist-info\METADATA

Filesize
5KB

MD5
07e3eea441a0e6f99247d353bd664ea1

SHA1
99c8f9c2dd2d02be18d50551ed4488325906c769

SHA256
04fe672bf2aa70ff8e6b959defe7d676dcdfd34ee9062030ba352a40db5e2d37

SHA512
24f458c831f7a459d12e0217f4bd57f82a034fec9ea154cac303200e241a52838a1962612c5aaff5cd837f668fdc810606624dca901f4274973f84a9adba8d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography-42.0.8.dist-info\RECORD

Filesize
14KB

MD5
d275613f615cb5fcf45585170a604dab

SHA1
4bd98a605b85ba928e80b85a01a721524b50d033

SHA256
16f460f3c87e19db61a114394eaf4f6c9bb5259f21678584c6a1988b5befceb6

SHA512
14702c121f1a1060b5acecd5205d0f9a78776af9cfc24c83f2c546bd808fa42032ed6e021b91eec99584d67f7e2f3c755ffdd7bfdc07a10af555386546404809

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography-42.0.8.dist-info\WHEEL

Filesize
100B

MD5
c48772ff6f9f408d7160fe9537e150e0

SHA1
79d4978b413f7051c3721164812885381de2fdf5

SHA256
67325f22d7654f051b7a1d92bd644f6ebaa00df5bf7638a48219f07d19aa1484

SHA512
a817107d9f70177ea9ca6a370a2a0cb795346c9025388808402797f33144c1baf7e3de6406ff9e3d8a3486bdfaa630b90b63935925a36302ab19e4c78179674f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography-42.0.8.dist-info\top_level.txt

Filesize
13B

MD5
e7274bd06ff93210298e7117d11ea631

SHA1
7132c9ec1fd99924d658cc672f3afe98afefab8a

SHA256
28d693f929f62b8bb135a11b7ba9987439f7a960cc969e32f8cb567c1ef79c97

SHA512
aa6021c4e60a6382630bebc1e16944f9b312359d645fc61219e9a3f19d876fd600e07dca6932dcd7a1e15bfdeac7dbdceb9fffcd5ca0e5377b82268ed19de225

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\cryptography\hazmat\bindings\_rust.pyd

Filesize
6.9MB

MD5
f918173fbdc6e75c93f64784f2c17050

SHA1
163ef51d4338b01c3bc03d6729f8e90ae39d8f04

SHA256
2c7a31dec06df4eec6b068a0b4b009c8f52ef34ace785c8b584408cb29ce28fd

SHA512
5405d5995e97805e68e91e1f191dc5e7910a7f2ba31619eb64aff54877cbd1b3fa08b7a24b411d095edb21877956976777409d3db58d29da32219bf578ce4ef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\mfc140u.dll

Filesize
5.4MB

MD5
03a161718f1d5e41897236d48c91ae3c

SHA1
32b10eb46bafb9f81a402cb7eff4767418956bd4

SHA256
e06c4bd078f4690aa8874a3deb38e802b2a16ccb602a7edc2e077e98c05b5807

SHA512
7abcc90e845b43d264ee18c9565c7d0cbb383bfd72b9cebb198ba60c4a46f56da5480da51c90ff82957ad4c84a4799fa3eb0cedffaa6195f1315b3ff3da1be47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\pyinstaller-5.1.dist-info\COPYING.txt

Filesize
29KB

MD5
371fe7fdee041250f12b3a4658a14278

SHA1
a4aaa06709ff77945ca1a42eccc06c9c99182a27

SHA256
dd7315735d0c3cbb0cc861a3ea4d9cee497568b98cacea64af3ea51f4e4b5386

SHA512
77fba931238b59a44357996ec3a39d5e8cdd8e8cbed963927a814b30aada1f0ff88fb2d62d2dcd9955dba9458c4a310252b72e52963febd0e80639aba53a9d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\pyinstaller-5.1.dist-info\METADATA

Filesize
7KB

MD5
773c87abc4e5dcd07b8bb371f14ee941

SHA1
c0d7916dcb39445c03371b62f5c168a01633d4ed

SHA256
47889a0eabe0545af939addd679a6e246cd8f19a99732c6c6b170b9f50d1293a

SHA512
02e1c5895b41d440079c341c7472c2dd3f327435d45c4d8c41bae9d09d5c4ca629a56530d93fc79737c80f6f6ea1bebfc773ed5508deaf34866ea3f2fc9b0b2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\pyinstaller-5.1.dist-info\RECORD

Filesize
60KB

MD5
981f66bdf5d5aecf3312378462853e64

SHA1
f9718edfa3277f4320c9bdad7f03547fa8c7fbfc

SHA256
25f2894621be76f69fcd9b7bb506116c42cc44988cd60558120fd879864bb16b

SHA512
1331dbc420768c10505607ea23216b67f707e7ff557a186bcf5e28486f23e7c784604ebb7bec95473919186011430be527443fa87d95c68d1f44200ee9f5cba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\pyinstaller-5.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\pyinstaller-5.1.dist-info\direct_url.json

Filesize
124B

MD5
1809aaac14337868690c510e84232f8d

SHA1
9bb792979ef62818626c75e29fa97480ac6e29ff

SHA256
154233cff7a63e7160385a613459d391a442350c7842703dd3ba495557efab0e

SHA512
0558b38156ff4bc2a81884ad5b4e1aff6ef95d25859724d1fe3dc70d23ddf4ed08d54be7ee9f54f15c167d7741a6142e2cbb6acc6e3d5039c3aaa7494471589c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\pyinstaller-5.1.dist-info\entry_points.txt

Filesize
360B

MD5
e15b5909d49dab451beb91c31b9732bf

SHA1
83a5f4efef9c91101fa2e7ac0cbed17fe9282145

SHA256
933880b425b47c933547830b21387ba2144517bca3638b213a88f4e3441dbd02

SHA512
ae280b4b217aa95d7275b58dc73e7586c1999dc363a0b83e7ca350207541f13b18f30b2bb634eb4ba2f4c191940b5ccc7fc201024000e4fd28431ae6c4a69617

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\pyinstaller-5.1.dist-info\top_level.txt

Filesize
12B

MD5
0a28e8e758f80c4b73afd9dbef9f96dd

SHA1
10072e4ec58c0e15d5a62fd256ac9d7bc6a28bcb

SHA256
1ae466bd65c64d124d6262b989618e82536fe0bddbcbb60a68488ac9c359e174

SHA512
38d7a1b6198701708f90750c9d82390a150972fb898fc91c825ff6f6fe2a560b3bcc381a388bb7fe5dfae63550bec2a6a7cfed1390e620a5b2a559726c1439e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\setuptools-65.5.0.dist-info\LICENSE

Filesize
1KB

MD5
7a7126e068206290f3fe9f8d6c713ea6

SHA1
8e6689d37f82d5617b7f7f7232c94024d41066d1

SHA256
db3f0246b1f9278f15845b99fec478b8b506eb76487993722f8c6e254285faf8

SHA512
c9f0870bc5d5eff8769d9919e6d8dde1b773543634f7d03503a9e8f191bd4acc00a97e0399e173785d1b65318bac79f41d3974ae6855e5c432ac5dacf8d13e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\setuptools-65.5.0.dist-info\METADATA

Filesize
6KB

MD5
9e59bd13bb75b38eb7962bf64ac30d6f

SHA1
70f6a68b42695d1bfa55acb63d8d3351352b2aac

SHA256
80c7a3b78ea0dff1f57855ee795e7d33842a0827aa1ef4ee17ec97172a80c892

SHA512
67ac61739692ecc249ebdc8f5e1089f68874dcd65365db1c389fdd0cece381591a30b99a2774b8caaa00e104f3e35ff3745aff6f5f0781289368398008537ae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\setuptools-65.5.0.dist-info\RECORD

Filesize
36KB

MD5
e30355b5f7466bee1691929b05eed672

SHA1
b9f1275ef04f2d36dd1f801de116ac12aa68722e

SHA256
cebd9639e6923a470e818350691053c3cc846a72426a9bfcb70f092868fa0d5b

SHA512
c7a56fe3037a07035279ff063406f7999360d5b275d743c0ef88335eb98be4ca539775cc1470bf121ce166aa53e3e55002be7402350e62811ea2b4d0bbd6a617

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\setuptools-65.5.0.dist-info\WHEEL

Filesize
92B

MD5
4d57030133e279ceb6a8236264823dfd

SHA1
0fdc3988857c560e55d6c36dcc56ee21a51c196d

SHA256
1b5e87e00dc87a84269cead8578b9e6462928e18a95f1f3373c9eef451a5bcc0

SHA512
cd98f2a416ac1b13ba82af073d0819c0ea7c095079143cab83037d48e9a5450d410dc5cf6b6cff3f719544edf1c5f0c7e32e87b746f1c04fe56fafd614b39826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\setuptools-65.5.0.dist-info\entry_points.txt

Filesize
2KB

MD5
d3262b65db35bffaac248075345a266c

SHA1
93ad6fe5a696252b9def334d182432cda2237d1d

SHA256
dec880bb89189b5c9b1491c9ee8a2aa57e53016ef41a2b69f5d71d1c2fbb0453

SHA512
1726750b22a645f5537c20addf23e3d3bad851cd4bdba0f9666f9f6b0dc848f9919d7af8ad8847bd4f18d0f8585dde51afbae6a4cad75008c3210d17241e0291

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\setuptools-65.5.0.dist-info\top_level.txt

Filesize
41B

MD5
789a691c859dea4bb010d18728bad148

SHA1
aef2cbccc6a9a8f43e4e150e7fcf1d7b03f0e249

SHA256
77dc8bdfdbff5bbaa62830d21fab13e1b1348ff2ecd4cdcfd7ad4e1a076c9b88

SHA512
bc2f7caad486eb056cb9f68e6c040d448788c3210ff028397cd9af1277d0051746cae58eb172f9e73ea731a65b2076c6091c10bcb54d911a7b09767aa6279ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\unicodedata.pyd

Filesize
1.1MB

MD5
4c8af8a30813e9380f5f54309325d6b8

SHA1
169a80d8923fb28f89bc26ebf89ffe37f8545c88

SHA256
4b6e3ba734c15ec789b5d7469a5097bd082bdfd8e55e636ded0d097cf6511e05

SHA512
ea127779901b10953a2bf9233e20a4fab2fba6f97d7baf40c1b314b7cd03549e0f4d2fb9bad0fbc23736e21eb391a418d79a51d64402245c1cd8899e4d765c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\win32com\shell\shell.pyd

Filesize
515KB

MD5
c2e1b245d4221bda4c198cf18d9ca6af

SHA1
9682b6e966495f7b58255348563a86c63fbd488c

SHA256
89a8651dad701dce6b42b0e20c18b07df6d08a341123659e05381ee796d23858

SHA512
c2f57e9303d37547671e40086ddad4b1fc31c52d43994cfcec974b259125e125c644873073f216f28066bb0c213cbeb1b9a3c149727c9f1bc50f198ac45a4c8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\win32trace.pyd

Filesize
23KB

MD5
b291adab2446da62f93369a0dd662076

SHA1
a6b6c1054c1f511c64aefb5f6c031afe553e70f0

SHA256
c5ad56e205530780326bd1081e94b212c65082b58e0f69788e3dc60effbd6410

SHA512
847cc9e82b9939dbdc58bfa3e5a9899d614642e0b07cf1508aa866cd69e4ad8c905dbf810a045d225e6c364e1d9f2a45006f0eb0895bcd5aaf9d81ee344d4aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI37842\win32ui.pyd

Filesize
1.1MB

MD5
b505e88eb8995c2ec46129fb4b389e6c

SHA1
cbfa8650730cbf6c07f5ed37b0744d983abfe50a

SHA256
be7918b4f7e7de53674894a4b8cfadcacb4726cea39b7db477a6c70231c41790

SHA512
6a51b746d0fbc03f57ff28be08f7e894ad2e9f2a2f3b61d88eae22e7491cf35ae299cdb3261e85e4867f41d8fda012af5bd1eb8e1498f1a81adc4354adacdaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\error.txt

Filesize
72KB

MD5
ca481942ef24dc33fedd182c51183e79

SHA1
69762a0a03de591149787a835ebd496131980b53

SHA256
fcbbf910ff712132080128bac8f06a93101727ce355c75f1d4ee02296fba26d3

SHA512
fb3a590666ae8b27d795d0626e0a847141f1c0f870229ef2c48b6375afff147ecfd1c847015c22539b687a2be82c4175958b4fd06a27e771bab9b64003240182

Download Submit
C:\Users\Admin\AppData\Local\Temp\frb3esk1

Filesize
4B

MD5
3f1d1d8d87177d3d8d897d7e421f84d6

SHA1
dd082d742a5cb751290f1db2bd519c286aa86d95

SHA256
f02285fb90ed8c81531fe78cf4e2abb68a62be73ee7d317623e2c3e3aefdfff2

SHA512
2ae2b3936f31756332ca7a4b877d18f3fcc50e41e9472b5cd45a70bea82e29a0fa956ee6a9ee0e02f23d9db56b41d19cb51d88aac06e9c923a820a21023752a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wppassw.txt

Filesize
17B

MD5
bdbe376c9f2b11ac67ae1461cb6da0ef

SHA1
2bad59f3dad593cd6541f51ff62a3ad6b0702a37

SHA256
790cb8b6d6071c3ad7a02e639432687348b0ad636a89d19323eab9c4286952c4

SHA512
263f5f59639a41288dd70114aa2ed475cf79dcf4194e75faf6c2badeadcf5d05ac0e014b0510c63359e833440354c5ac428530bd6bc77a8cf35643c1c4f755ba

Download Submit
C:\Users\Admin\AppData\Local\Tempwpddhnifzl.db

Filesize
20KB

MD5
a603e09d617fea7517059b4924b1df93

SHA1
31d66e1496e0229c6a312f8be05da3f813b3fa9e

SHA256
ccd15f9c7a997ae2b5320ea856c7efc54b5055254d41a443d21a60c39c565cb7

SHA512
eadb844a84f8a660c578a2f8e65ebcb9e0b9ab67422be957f35492ff870825a4b363f96fd1c546eaacfd518f6812fcf57268ef03c149e5b1a7af145c7100e2cc

Download Submit
C:\Users\Admin\AppData\Local\Tempwpiwruywbu.db

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Tempwpspnooiyn.db

Filesize
96KB

MD5
40f3eb83cc9d4cdb0ad82bd5ff2fb824

SHA1
d6582ba879235049134fa9a351ca8f0f785d8835

SHA256
cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

SHA512
cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

Download Submit
C:\Users\Admin\AppData\Local\Tempwpukwywvsh.db

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Tempwpvtljkvdj.db

Filesize
114KB

MD5
a2bc4eb3c67f34d75effa9bde49c2ffb

SHA1
f38bf9e1468d1dd11a5d197c8befcbf9302e4e57

SHA256
a2afda6ed0239af2873e61cffb2817572f9f5ce278b509d6c9c9e5f368a178e5

SHA512
30fd383d5b385ffb7f6551ea64636189bfa090a9097e8373574c6dcf3c9e7bbc8c08035057a5565fd139dc505e1ca40cd83df477c2ee67a605d0a2cf8481dffe

Download Submit
C:\Users\Admin\AppData\Local\Tempwpxoecvuud.db

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
memory/1260-23007-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download
memory/1676-23085-0x00007FF884C60000-0x00007FF884CFE000-memory.dmp

Filesize
632KB

Download
memory/2784-6228-0x0000015E0C6D0000-0x0000015E0C6DC000-memory.dmp

Filesize
48KB

Download
memory/2784-6229-0x0000015E0C6E0000-0x0000015E0C790000-memory.dmp

Filesize
704KB

Download
memory/2784-23376-0x0000015E0C6D0000-0x0000015E0C6DC000-memory.dmp

Filesize
48KB

Download
memory/2888-16503-0x00007FF864460000-0x00007FF8648B9000-memory.dmp

Filesize
4.3MB

Download
memory/3784-17030-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download
memory/7576-22718-0x00007FF822880000-0x00007FF822CD9000-memory.dmp

Filesize
4.3MB

Download
memory/7984-20630-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download
memory/8332-23086-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download
memory/8428-7692-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download
memory/9168-7640-0x00007FF886610000-0x00007FF8866CE000-memory.dmp

Filesize
760KB

Download
memory/10384-6711-0x00007FF886C10000-0x00007FF886E05000-memory.dmp

Filesize
2.0MB

Download
memory/10656-6497-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download
memory/12428-23378-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download
memory/15584-23269-0x00007FF74FD90000-0x00007FF74FDF7000-memory.dmp

Filesize
412KB

Download