1dbbbc1945c70764b2fd23abe297dd0491887310aaeacb8df57c52217795a346

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 00:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
Size

82KB
MD5

03bd7cae039e262c631fb39ebc1211ff
SHA1

06d4dff49e1bdbf84d4b73d76d82229b743c2cd6
SHA256

1dbbbc1945c70764b2fd23abe297dd0491887310aaeacb8df57c52217795a346
SHA512

4013b7227fbb55b7c4bf4c719fdd20c41f7440fb885e6bca5faefb98678e17b3c02365202d250d30d903617cf82f6a5b37f090b23f27d4bf0fa7ec564a4b4673
SSDEEP

1536:sbOJvHdltZsCzWt7IEllRLgToq6MBivJR:sbEv/tZo+EllRLgToq6MBiv3

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, C:\\windows\\system32\\drivers\\svchost.exe"	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

Drops file in Drivers directory 4 IoCs

description	ioc	Process
File created	C:\WINDOWS\system32\drivers\stub.exe	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
File created	C:\windows\system32\drivers\svchost.exe	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
File created	C:\windows\system32\drivers\tmpp.exe	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
File created	C:\WINDOWS\system32\drivers\Interop.MessengerAPI.dll	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

Executes dropped EXE 64 IoCs

pid	Process
2688	temp.exe
2720	temp.exe
2340	temp.exe
2516	temp.exe
932	temp.exe
2452	temp.exe
1016	temp.exe
2436	temp.exe
2620	temp.exe
1280	temp.exe
3060	temp.exe
2504	temp.exe
1668	temp.exe
2128	temp.exe
948	temp.exe
1708	temp.exe
3064	temp.exe
3024	temp.exe
2340	temp.exe
2556	temp.exe
960	temp.exe
2932	temp.exe
2644	temp.exe
1032	temp.exe
2288	temp.exe
1792	temp.exe
1740	temp.exe
2124	temp.exe
2380	temp.exe
1044	temp.exe
1088	temp.exe
1544	temp.exe
976	temp.exe
2360	temp.exe
1720	temp.exe
2016	temp.exe
904	temp.exe
2212	temp.exe
2312	temp.exe
992	temp.exe
2448	temp.exe
828	temp.exe
1948	temp.exe
2588	temp.exe
1508	temp.exe
2320	temp.exe
2308	temp.exe
464	temp.exe
2252	temp.exe
2288	temp.exe
2340	temp.exe
1740	temp.exe
2264	temp.exe
864	temp.exe
1780	temp.exe
844	temp.exe
1016	temp.exe
1336	temp.exe
1276	temp.exe
1756	temp.exe
564	temp.exe
1952	temp.exe
2656	temp.exe
916	temp.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	F:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200\desktop.ini	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
File opened for modification	F:\recycler\S-1-5-21-8749679017-0950430147-468708784-3200\desktop.ini	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost = "logonui.exe, C:\\WINDOWS\\system32\\dllcache\\recycled.exe"	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	F:\autorun.inf	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
File opened for modification	F:\autorun.inf	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\dllcache\tmp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe
File created	C:\WINDOWS\system32\temp.exe	temp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2688	2648	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2688	2648	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe	30
PID 2648 wrote to memory of 2688	2648	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe	30
PID 2688 wrote to memory of 2720	2688	temp.exe	31
PID 2688 wrote to memory of 2720	2688	temp.exe	31
PID 2688 wrote to memory of 2720	2688	temp.exe	31
PID 2720 wrote to memory of 2340	2720	temp.exe	32
PID 2720 wrote to memory of 2340	2720	temp.exe	32
PID 2720 wrote to memory of 2340	2720	temp.exe	32
PID 2340 wrote to memory of 2516	2340	temp.exe	33
PID 2340 wrote to memory of 2516	2340	temp.exe	33
PID 2340 wrote to memory of 2516	2340	temp.exe	33
PID 2516 wrote to memory of 932	2516	temp.exe	34
PID 2516 wrote to memory of 932	2516	temp.exe	34
PID 2516 wrote to memory of 932	2516	temp.exe	34
PID 932 wrote to memory of 2452	932	temp.exe	35
PID 932 wrote to memory of 2452	932	temp.exe	35
PID 932 wrote to memory of 2452	932	temp.exe	35
PID 2452 wrote to memory of 1016	2452	temp.exe	36
PID 2452 wrote to memory of 1016	2452	temp.exe	36
PID 2452 wrote to memory of 1016	2452	temp.exe	36
PID 1016 wrote to memory of 2436	1016	temp.exe	37
PID 1016 wrote to memory of 2436	1016	temp.exe	37
PID 1016 wrote to memory of 2436	1016	temp.exe	37
PID 2436 wrote to memory of 2620	2436	temp.exe	38
PID 2436 wrote to memory of 2620	2436	temp.exe	38
PID 2436 wrote to memory of 2620	2436	temp.exe	38
PID 2620 wrote to memory of 1280	2620	temp.exe	39
PID 2620 wrote to memory of 1280	2620	temp.exe	39
PID 2620 wrote to memory of 1280	2620	temp.exe	39
PID 1280 wrote to memory of 3060	1280	temp.exe	40
PID 1280 wrote to memory of 3060	1280	temp.exe	40
PID 1280 wrote to memory of 3060	1280	temp.exe	40
PID 3060 wrote to memory of 2504	3060	temp.exe	41
PID 3060 wrote to memory of 2504	3060	temp.exe	41
PID 3060 wrote to memory of 2504	3060	temp.exe	41
PID 2504 wrote to memory of 1668	2504	temp.exe	42
PID 2504 wrote to memory of 1668	2504	temp.exe	42
PID 2504 wrote to memory of 1668	2504	temp.exe	42
PID 1668 wrote to memory of 2128	1668	temp.exe	43
PID 1668 wrote to memory of 2128	1668	temp.exe	43
PID 1668 wrote to memory of 2128	1668	temp.exe	43
PID 2128 wrote to memory of 948	2128	temp.exe	44
PID 2128 wrote to memory of 948	2128	temp.exe	44
PID 2128 wrote to memory of 948	2128	temp.exe	44
PID 948 wrote to memory of 1708	948	temp.exe	45
PID 948 wrote to memory of 1708	948	temp.exe	45
PID 948 wrote to memory of 1708	948	temp.exe	45
PID 1708 wrote to memory of 3064	1708	temp.exe	46
PID 1708 wrote to memory of 3064	1708	temp.exe	46
PID 1708 wrote to memory of 3064	1708	temp.exe	46
PID 3064 wrote to memory of 3024	3064	temp.exe	47
PID 3064 wrote to memory of 3024	3064	temp.exe	47
PID 3064 wrote to memory of 3024	3064	temp.exe	47
PID 3024 wrote to memory of 2340	3024	temp.exe	48
PID 3024 wrote to memory of 2340	3024	temp.exe	48
PID 3024 wrote to memory of 2340	3024	temp.exe	48
PID 2340 wrote to memory of 2556	2340	temp.exe	49
PID 2340 wrote to memory of 2556	2340	temp.exe	49
PID 2340 wrote to memory of 2556	2340	temp.exe	49
PID 2556 wrote to memory of 960	2556	temp.exe	50
PID 2556 wrote to memory of 960	2556	temp.exe	50
PID 2556 wrote to memory of 960	2556	temp.exe	50
PID 960 wrote to memory of 2932	960	temp.exe	51

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03bd7cae039e262c631fb39ebc1211ff_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Drops file in Drivers directory
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Modifies WinLogon
- Drops autorun.inf file
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2648
- C:\WINDOWS\system32\dllcache\temp.exe
  "C:\WINDOWS\system32\dllcache\temp.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\WINDOWS\system32\dllcache\temp.exe
    "C:\WINDOWS\system32\dllcache\temp.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\WINDOWS\system32\dllcache\temp.exe
      "C:\WINDOWS\system32\dllcache\temp.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2340
    - - C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2516
      - C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:932
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2452
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1016
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2436
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2620
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1280
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3060
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2504
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1668
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2128
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:948
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3064
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3024
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2340
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2556
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:960
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2932
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        24⤵
        Executes dropped EXE
        
        PID:2644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        25⤵
        Executes dropped EXE
        
        PID:1032
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        26⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        27⤵
        Executes dropped EXE
        
        PID:1792
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        28⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        29⤵
        Executes dropped EXE
        
        PID:2124
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        30⤵
        Executes dropped EXE
        
        PID:2380
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        31⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        32⤵
        Executes dropped EXE
        
        PID:1088
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        33⤵
        Executes dropped EXE
        
        PID:1544
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        34⤵
        Executes dropped EXE
        
        PID:976
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        35⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        36⤵
        Executes dropped EXE
        
        PID:1720
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        37⤵
        Executes dropped EXE
        
        PID:2016
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        38⤵
        Executes dropped EXE
        
        PID:904
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        39⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        40⤵
        Executes dropped EXE
        
        PID:2312
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        41⤵
        Executes dropped EXE
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        42⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        43⤵
        Executes dropped EXE
        
        PID:828
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        44⤵
        Executes dropped EXE
        
        PID:1948
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        45⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        46⤵
        Executes dropped EXE
        
        PID:1508
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        47⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        48⤵
        Executes dropped EXE
        
        PID:2308
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        49⤵
        Executes dropped EXE
        
        PID:464
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        50⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        51⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        52⤵
        Executes dropped EXE
        
        PID:2340
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        53⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        54⤵
        Executes dropped EXE
        
        PID:2264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        55⤵
        Executes dropped EXE
        
        PID:864
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        56⤵
        Executes dropped EXE
        
        PID:1780
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        57⤵
        Executes dropped EXE
        
        PID:844
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1016
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        59⤵
        Executes dropped EXE
        
        PID:1336
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        60⤵
        Executes dropped EXE
        
        PID:1276
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        61⤵
        Executes dropped EXE
        
        PID:1756
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        62⤵
        Executes dropped EXE
        
        PID:564
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        63⤵
        Executes dropped EXE
        
        PID:1952
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        64⤵
        Executes dropped EXE
        
        PID:2656
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        65⤵
        Executes dropped EXE
        
        PID:916
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        66⤵
        
        PID:2764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        67⤵
        
        PID:2556
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        68⤵
        
        PID:2372
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        69⤵
        
        PID:1844
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        70⤵
        
        PID:2572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        71⤵
        
        PID:1896
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        72⤵
        
        PID:1960
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        73⤵
        
        PID:2044
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        74⤵
        
        PID:2912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        75⤵
        
        PID:264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        76⤵
        
        PID:2560
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        77⤵
        Drops file in System32 directory
        
        PID:2180
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        78⤵
        
        PID:2748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        79⤵
        
        PID:1740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        80⤵
        
        PID:1980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        81⤵
        
        PID:1984
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        82⤵
        
        PID:2732
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        83⤵
        
        PID:1676
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        84⤵
        
        PID:540
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        85⤵
        
        PID:352
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        86⤵
        
        PID:2452
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        87⤵
        
        PID:2132
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        88⤵
        
        PID:3000
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        89⤵
        
        PID:2552
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        90⤵
        
        PID:2708
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        91⤵
        
        PID:2160
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        92⤵
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        93⤵
        
        PID:2728
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        94⤵
        
        PID:2632
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        95⤵
        
        PID:2196
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        96⤵
        
        PID:2572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        97⤵
        
        PID:2540
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        98⤵
        
        PID:2104
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        99⤵
        
        PID:2044
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        100⤵
        
        PID:2912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        101⤵
        
        PID:2144
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        102⤵
        
        PID:2560
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        103⤵
        
        PID:2096
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        104⤵
        
        PID:748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        105⤵
        Drops file in System32 directory
        
        PID:1740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        106⤵
        
        PID:1780
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        107⤵
        
        PID:1984
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        108⤵
        
        PID:1760
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        109⤵
        
        PID:976
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        110⤵
        Drops file in System32 directory
        
        PID:1336
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        111⤵
        
        PID:2368
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        112⤵
        
        PID:2452
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        113⤵
        Drops file in System32 directory
        
        PID:888
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        114⤵
        
        PID:3000
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        115⤵
        
        PID:2980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        116⤵
        
        PID:2008
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        117⤵
        
        PID:2992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        118⤵
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        119⤵
        
        PID:1624
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        120⤵
        
        PID:2632
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        121⤵
        
        PID:1732
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        122⤵
        
        PID:2076
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        123⤵
        
        PID:2456
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        124⤵
        
        PID:1908
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        125⤵
        
        PID:2064
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        126⤵
        
        PID:1184
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        127⤵
        
        PID:1932
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        128⤵
        
        PID:2968
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        129⤵
        
        PID:1776
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        130⤵
        
        PID:2264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        131⤵
        
        PID:1748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        132⤵
        
        PID:844
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        133⤵
        
        PID:1672
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        134⤵
        
        PID:2332
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        135⤵
        
        PID:1804
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        136⤵
        
        PID:2352
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        137⤵
        
        PID:2736
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        138⤵
        
        PID:2132
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        139⤵
        
        PID:888
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        140⤵
        
        PID:3000
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        141⤵
        Drops file in System32 directory
        
        PID:2980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        142⤵
        
        PID:2160
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        143⤵
        
        PID:1584
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        144⤵
        
        PID:2728
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        145⤵
        
        PID:2724
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        146⤵
        
        PID:1640
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        147⤵
        
        PID:2424
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        148⤵
        
        PID:576
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        149⤵
        
        PID:2456
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        150⤵
        
        PID:1908
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        151⤵
        
        PID:1432
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        152⤵
        
        PID:836
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        153⤵
        
        PID:1892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        154⤵
        
        PID:2388
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        155⤵
        
        PID:2640
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        156⤵
        
        PID:1924
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        157⤵
        
        PID:1716
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        158⤵
        
        PID:1280
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        159⤵
        
        PID:2204
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        160⤵
        Drops file in System32 directory
        
        PID:1720
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        161⤵
        
        PID:2268
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        162⤵
        
        PID:2392
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        163⤵
        
        PID:2736
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        164⤵
        
        PID:2012
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        165⤵
        
        PID:2084
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        166⤵
        
        PID:2576
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        167⤵
        
        PID:2980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        168⤵
        Drops file in System32 directory
        
        PID:2160
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        169⤵
        
        PID:1584
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        170⤵
        
        PID:2728
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        171⤵
        
        PID:1552
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        172⤵
        
        PID:2280
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        173⤵
        
        PID:2152
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        174⤵
        
        PID:2584
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        175⤵
        
        PID:480
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        176⤵
        
        PID:1912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        177⤵
        
        PID:1536
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        178⤵
        
        PID:3024
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        179⤵
        
        PID:1892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        180⤵
        
        PID:2388
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        181⤵
        
        PID:1004
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        182⤵
        
        PID:492
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        183⤵
        Drops file in System32 directory
        
        PID:1716
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        184⤵
        
        PID:1280
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        185⤵
        Drops file in System32 directory
        
        PID:1676
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        186⤵
        Drops file in System32 directory
        
        PID:1556
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        187⤵
        
        PID:352
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        188⤵
        
        PID:552
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        189⤵
        Drops file in System32 directory
        
        PID:2240
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        190⤵
        Drops file in System32 directory
        
        PID:888
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        191⤵
        
        PID:2896
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        192⤵
        
        PID:1836
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        193⤵
        
        PID:2612
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        194⤵
        Drops file in System32 directory
        
        PID:2992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        195⤵
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        196⤵
        
        PID:464
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        197⤵
        
        PID:2984
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        198⤵
        
        PID:784
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        199⤵
        
        PID:1244
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        200⤵
        Drops file in System32 directory
        
        PID:1996
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        201⤵
        
        PID:1316
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        202⤵
        
        PID:1432
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        203⤵
        
        PID:1536
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        204⤵
        
        PID:3024
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        205⤵
        
        PID:1892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        206⤵
        
        PID:2388
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        207⤵
        
        PID:1004
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        208⤵
        
        PID:492
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        209⤵
        
        PID:1716
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        210⤵
        
        PID:1280
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        211⤵
        
        PID:1676
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        212⤵
        
        PID:1556
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        213⤵
        Drops file in System32 directory
        
        PID:352
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        214⤵
        
        PID:904
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        215⤵
        
        PID:2708
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        216⤵
        Drops file in System32 directory
        
        PID:2084
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        217⤵
        
        PID:2896
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        218⤵
        
        PID:1836
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        219⤵
        
        PID:2612
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        220⤵
        
        PID:880
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        221⤵
        
        PID:2824
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        222⤵
        Drops file in System32 directory
        
        PID:1644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        223⤵
        
        PID:1968
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        224⤵
        
        PID:2540
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        225⤵
        
        PID:2128
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        226⤵
        
        PID:1972
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        227⤵
        
        PID:3052
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        228⤵
        
        PID:2000
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        229⤵
        
        PID:1736
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        230⤵
        
        PID:996
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        231⤵
        
        PID:1772
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        232⤵
        
        PID:1924
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        233⤵
        
        PID:3028
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        234⤵
        
        PID:1496
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        235⤵
        
        PID:2596
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        236⤵
        
        PID:1920
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        237⤵
        
        PID:912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        238⤵
        
        PID:2020
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        239⤵
        
        PID:2952
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        240⤵
        
        PID:1956
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        241⤵
        
        PID:3000
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        242⤵
        
        PID:2008
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        243⤵
        
        PID:2856
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        244⤵
        
        PID:1764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        245⤵
        
        PID:2876
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        246⤵
        
        PID:2040
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        247⤵
        
        PID:1224
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        248⤵
        
        PID:2224
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        249⤵
        
        PID:1032
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        250⤵
        
        PID:1380
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        251⤵
        
        PID:2444
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        252⤵
        Drops file in System32 directory
        
        PID:1912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        253⤵
        
        PID:1432
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        254⤵
        
        PID:1980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        255⤵
        
        PID:2908
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        256⤵
        
        PID:1740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        257⤵
        
        PID:1528
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        258⤵
        
        PID:1312
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        259⤵
        
        PID:1016
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        260⤵
        
        PID:2368
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        261⤵
        
        PID:2464
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        262⤵
        
        PID:1280
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        263⤵
        
        PID:1756
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        264⤵
        
        PID:2232
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        265⤵
        
        PID:2520
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        266⤵
        
        PID:1956
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        267⤵
        
        PID:1020
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        268⤵
        
        PID:2008
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        269⤵
        Drops file in System32 directory
        
        PID:2692
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        270⤵
        
        PID:1764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        271⤵
        
        PID:880
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        272⤵
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        273⤵
        
        PID:2996
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        274⤵
        
        PID:2252
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        275⤵
        
        PID:1244
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        276⤵
        
        PID:548
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        277⤵
        
        PID:1040
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        278⤵
        
        PID:2748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        279⤵
        
        PID:2340
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        280⤵
        
        PID:1736
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        281⤵
        
        PID:1752
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        282⤵
        
        PID:572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        283⤵
        
        PID:1528
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        284⤵
        
        PID:1312
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        285⤵
        
        PID:1016
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        286⤵
        
        PID:2368
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        287⤵
        
        PID:2464
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        288⤵
        
        PID:2312
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        289⤵
        
        PID:1756
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        290⤵
        
        PID:2232
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        291⤵
        
        PID:2520
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        292⤵
        
        PID:1956
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        293⤵
        
        PID:2760
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        294⤵
        
        PID:2208
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        295⤵
        
        PID:2412
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        296⤵
        
        PID:2104
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        297⤵
        
        PID:1708
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        298⤵
        
        PID:2580
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        299⤵
        
        PID:2152
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        300⤵
        
        PID:2920
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        301⤵
        
        PID:1812
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        302⤵
        
        PID:1180
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        303⤵
        
        PID:1088
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        304⤵
        
        PID:748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        305⤵
        
        PID:2672
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        306⤵
        
        PID:2732
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        307⤵
        
        PID:1996
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        308⤵
        
        PID:1004
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        309⤵
        
        PID:1804
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        310⤵
        
        PID:1636
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        311⤵
        
        PID:612
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        312⤵
        
        PID:2828
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        313⤵
        
        PID:2460
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        314⤵
        
        PID:1668
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        315⤵
        
        PID:2964
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        316⤵
        
        PID:2384
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        317⤵
        
        PID:2140
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        318⤵
        
        PID:2392
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        319⤵
        
        PID:2860
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        320⤵
        
        PID:2856
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        321⤵
        
        PID:2320
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        322⤵
        
        PID:2624
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        323⤵
        
        PID:2156
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        324⤵
        
        PID:576
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        325⤵
        
        PID:1384
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        326⤵
        
        PID:1244
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        327⤵
        
        PID:604
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        328⤵
        
        PID:1796
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        329⤵
        
        PID:444
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        330⤵
        
        PID:1632
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        331⤵
        
        PID:1980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        332⤵
        
        PID:2360
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        333⤵
        
        PID:1576
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        334⤵
        
        PID:2836
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        335⤵
        
        PID:3020
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        336⤵
        
        PID:1092
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        337⤵
        
        PID:2368
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        338⤵
        
        PID:1920
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        339⤵
        
        PID:1600
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        340⤵
        
        PID:916
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        341⤵
        
        PID:1604
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        342⤵
        
        PID:1624
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        343⤵
        Drops file in System32 directory
        
        PID:2300
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        344⤵
        
        PID:2160
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        345⤵
        
        PID:1476
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        346⤵
        
        PID:2208
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        347⤵
        
        PID:2728
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        348⤵
        
        PID:784
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        349⤵
        
        PID:964
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        350⤵
        
        PID:2912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        351⤵
        
        PID:2108
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        352⤵
        
        PID:1184
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        353⤵
        
        PID:2468
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        354⤵
        
        PID:3056
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        355⤵
        
        PID:2124
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        356⤵
        
        PID:1664
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        357⤵
        
        PID:2264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        358⤵
        
        PID:2564
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        359⤵
        
        PID:1044
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        360⤵
        
        PID:1672
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        361⤵
        
        PID:948
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        362⤵
        
        PID:1676
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        363⤵
        
        PID:2756
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        364⤵
        
        PID:2892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        365⤵
        
        PID:2240
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        366⤵
        
        PID:2720
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        367⤵
        
        PID:2988
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        368⤵
        
        PID:888
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        369⤵
        Drops file in System32 directory
        
        PID:2832
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        370⤵
        
        PID:1552
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        371⤵
        
        PID:464
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        372⤵
        
        PID:2424
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        373⤵
        
        PID:880
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        374⤵
        Drops file in System32 directory
        
        PID:2792
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        375⤵
        
        PID:2516
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        376⤵
        Drops file in System32 directory
        
        PID:2224
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        377⤵
        
        PID:2308
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        378⤵
        
        PID:2716
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        379⤵
        
        PID:1812
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        380⤵
        
        PID:1940
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        381⤵
        
        PID:1572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        382⤵
        
        PID:444
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        383⤵
        
        PID:1772
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        384⤵
        
        PID:3028
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        385⤵
        Drops file in System32 directory
        
        PID:2936
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        386⤵
        
        PID:2400
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        387⤵
        
        PID:2472
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        388⤵
        Drops file in System32 directory
        
        PID:1716
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        389⤵
        
        PID:2172
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        390⤵
        Drops file in System32 directory
        
        PID:2820
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        391⤵
        
        PID:2312
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        392⤵
        
        PID:2068
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        393⤵
        
        PID:2600
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        394⤵
        
        PID:2556
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        395⤵
        
        PID:1956
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        396⤵
        Drops file in System32 directory
        
        PID:2992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        397⤵
        
        PID:2160
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        398⤵
        
        PID:2628
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        399⤵
        
        PID:2100
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        400⤵
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        401⤵
        
        PID:2144
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        402⤵
        
        PID:2584
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        403⤵
        
        PID:2544
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        404⤵
        
        PID:1148
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        405⤵
        
        PID:1516
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        406⤵
        
        PID:2884
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        407⤵
        
        PID:2968
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        408⤵
        
        PID:864
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        409⤵
        
        PID:1088
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        410⤵
        
        PID:1004
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        411⤵
        
        PID:2096
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        412⤵
        
        PID:2352
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        413⤵
        
        PID:1904
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        414⤵
        
        PID:2740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        415⤵
        
        PID:1264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        416⤵
        
        PID:2020
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        417⤵
        
        PID:2892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        418⤵
        
        PID:2764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        419⤵
        Drops file in System32 directory
        
        PID:1596
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        420⤵
        
        PID:2720
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        421⤵
        
        PID:2364
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        422⤵
        
        PID:1584
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        423⤵
        
        PID:2992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        424⤵
        
        PID:2856
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        425⤵
        
        PID:2428
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        426⤵
        
        PID:2996
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        427⤵
        
        PID:1764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        428⤵
        
        PID:3044
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        429⤵
        
        PID:840
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        430⤵
        
        PID:1692
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        431⤵
        Drops file in System32 directory
        
        PID:2376
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        432⤵
        
        PID:2624
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        433⤵
        
        PID:532
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        434⤵
        
        PID:2672
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        435⤵
        
        PID:2252
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        436⤵
        
        PID:2592
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        437⤵
        
        PID:1928
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        438⤵
        
        PID:976
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        439⤵
        
        PID:2472
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        440⤵
        Drops file in System32 directory
        
        PID:1092
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        441⤵
        
        PID:2740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        442⤵
        
        PID:2820
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        443⤵
        
        PID:1840
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        444⤵
        
        PID:2440
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        445⤵
        
        PID:2404
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        446⤵
        
        PID:1836
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        447⤵
        Drops file in System32 directory
        
        PID:3064
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        448⤵
        
        PID:2832
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        449⤵
        
        PID:2824
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        450⤵
        
        PID:1908
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        451⤵
        Drops file in System32 directory
        
        PID:2572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        452⤵
        Drops file in System32 directory
        
        PID:2516
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        453⤵
        
        PID:576
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        454⤵
        
        PID:1848
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        455⤵
        
        PID:2848
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        456⤵
        
        PID:2688
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        457⤵
        
        PID:2340
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        458⤵
        
        PID:1768
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        459⤵
        
        PID:748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        460⤵
        
        PID:1572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        461⤵
        
        PID:1924
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        462⤵
        
        PID:1980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        463⤵
        
        PID:2096
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        464⤵
        
        PID:2408
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        465⤵
        Drops file in System32 directory
        
        PID:976
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        466⤵
        
        PID:3060
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        467⤵
        
        PID:1092
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        468⤵
        
        PID:2656
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        469⤵
        
        PID:2820
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        470⤵
        
        PID:2232
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        471⤵
        
        PID:2240
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        472⤵
        
        PID:932
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        473⤵
        
        PID:2896
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        474⤵
        
        PID:2436
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        475⤵
        
        PID:2760
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        476⤵
        
        PID:2992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        477⤵
        
        PID:1384
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        478⤵
        
        PID:2980
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        479⤵
        
        PID:1776
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        480⤵
        
        PID:2396
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        481⤵
        
        PID:2052
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        482⤵
        
        PID:2304
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        483⤵
        Drops file in System32 directory
        
        PID:1728
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        484⤵
        
        PID:2748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        485⤵
        
        PID:1660
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        486⤵
        
        PID:1892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        487⤵
        
        PID:2124
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        488⤵
        
        PID:2252
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        489⤵
        
        PID:1996
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        490⤵
        
        PID:3048
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        491⤵
        
        PID:1496
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        492⤵
        
        PID:612
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        493⤵
        
        PID:1676
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        494⤵
        
        PID:3000
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        495⤵
        
        PID:1344
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        496⤵
        
        PID:3036
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        497⤵
        
        PID:1596
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        498⤵
        
        PID:2712
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        499⤵
        
        PID:2200
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        500⤵
        
        PID:888
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        501⤵
        
        PID:1476
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        502⤵
        
        PID:2832
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        503⤵
        
        PID:2080
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        504⤵
        
        PID:2100
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        505⤵
        
        PID:2644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        506⤵
        
        PID:1436
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        507⤵
        Drops file in System32 directory
        
        PID:2380
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        508⤵
        Drops file in System32 directory
        
        PID:548
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        509⤵
        
        PID:1096
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        510⤵
        
        PID:2872
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        511⤵
        
        PID:2416
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        512⤵
        
        PID:1564
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        513⤵
        
        PID:1524
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        514⤵
        
        PID:1324
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        515⤵
        
        PID:2796
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        516⤵
        
        PID:2592
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        517⤵
        
        PID:2488
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        518⤵
        
        PID:3048
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        519⤵
        
        PID:1496
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        520⤵
        
        PID:612
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        521⤵
        
        PID:1092
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        522⤵
        
        PID:2268
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        523⤵
        Drops file in System32 directory
        
        PID:3068
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        524⤵
        
        PID:2164
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        525⤵
        
        PID:2240
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        526⤵
        
        PID:1264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        527⤵
        
        PID:1644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        528⤵
        
        PID:2040
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        529⤵
        
        PID:2984
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        530⤵
        
        PID:836
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        531⤵
        
        PID:2280
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        532⤵
        
        PID:2392
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        533⤵
        
        PID:2644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        534⤵
        
        PID:668
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        535⤵
        Drops file in System32 directory
        
        PID:1328
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        536⤵
        
        PID:2304
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        537⤵
        
        PID:2908
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        538⤵
        
        PID:2748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        539⤵
        
        PID:1984
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        540⤵
        
        PID:1564
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        541⤵
        
        PID:1524
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        542⤵
        
        PID:1324
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        543⤵
        
        PID:1004
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        544⤵
        
        PID:2592
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        545⤵
        
        PID:2488
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        546⤵
        
        PID:3048
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        547⤵
        
        PID:2132
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        548⤵
        
        PID:2740
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        549⤵
        
        PID:2316
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        550⤵
        
        PID:2268
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        551⤵
        
        PID:3068
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        552⤵
        
        PID:2164
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        553⤵
        
        PID:2240
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        554⤵
        
        PID:1264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        555⤵
        
        PID:1644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        556⤵
        
        PID:2040
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        557⤵
        
        PID:2984
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        558⤵
        
        PID:2372
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        559⤵
        Drops file in System32 directory
        
        PID:2516
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        560⤵
        
        PID:2876
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        561⤵
        
        PID:2644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        562⤵
        
        PID:668
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        563⤵
        
        PID:1328
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        564⤵
        
        PID:2304
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        565⤵
        
        PID:2908
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        566⤵
        
        PID:2624
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        567⤵
        
        PID:572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        568⤵
        
        PID:824
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        569⤵
        
        PID:1944
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        570⤵
        
        PID:2088
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        571⤵
        
        PID:1252
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        572⤵
        
        PID:948
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        573⤵
        
        PID:1652
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        574⤵
        Drops file in System32 directory
        
        PID:552
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        575⤵
        
        PID:2868
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        576⤵
        
        PID:1344
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        577⤵
        
        PID:3036
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        578⤵
        
        PID:2268
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        579⤵
        
        PID:3068
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        580⤵
        
        PID:1472
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        581⤵
        
        PID:2240
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        582⤵
        
        PID:1264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        583⤵
        
        PID:1644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        584⤵
        
        PID:2940
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        585⤵
        
        PID:1968
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        586⤵
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        587⤵
        
        PID:1764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        588⤵
        
        PID:2920
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        589⤵
        
        PID:1912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        590⤵
        
        PID:1696
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        591⤵
        
        PID:1040
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        592⤵
        
        PID:2768
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        593⤵
        
        PID:748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        594⤵
        
        PID:2732
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        595⤵
        
        PID:1892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        596⤵
        
        PID:1524
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        597⤵
        
        PID:2836
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        598⤵
        
        PID:2332
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        599⤵
        
        PID:352
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        600⤵
        
        PID:1676
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        601⤵
        
        PID:2172
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        602⤵
        Drops file in System32 directory
        
        PID:1840
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        603⤵
        Drops file in System32 directory
        
        PID:2316
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        604⤵
        
        PID:2536
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        605⤵
        
        PID:2712
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        606⤵
        
        PID:2676
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        607⤵
        Drops file in System32 directory
        
        PID:2760
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        608⤵
        
        PID:2436
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        609⤵
        
        PID:2628
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        610⤵
        
        PID:2356
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        611⤵
        Drops file in System32 directory
        
        PID:1792
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        612⤵
        
        PID:2912
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        613⤵
        
        PID:992
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        614⤵
        
        PID:1764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        615⤵
        
        PID:1788
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        616⤵
        
        PID:3044
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        617⤵
        
        PID:896
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        618⤵
        Drops file in System32 directory
        
        PID:1040
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        619⤵
        
        PID:1632
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        620⤵
        Drops file in System32 directory
        
        PID:2152
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        621⤵
        
        PID:2732
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        622⤵
        
        PID:444
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        623⤵
        
        PID:1004
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        624⤵
        
        PID:2400
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        625⤵
        
        PID:2012
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        626⤵
        
        PID:352
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        627⤵
        
        PID:2132
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        628⤵
        
        PID:1952
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        629⤵
        
        PID:2964
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        630⤵
        
        PID:1596
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        631⤵
        
        PID:904
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        632⤵
        
        PID:1472
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        633⤵
        
        PID:2824
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        634⤵
        
        PID:2832
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        635⤵
        
        PID:264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        636⤵
        
        PID:2064
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        637⤵
        
        PID:3068
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        638⤵
        
        PID:2180
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        639⤵
        Drops file in System32 directory
        
        PID:2380
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        640⤵
        
        PID:1220
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        641⤵
        
        PID:1812
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        642⤵
        
        PID:1248
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        643⤵
        
        PID:2748
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        644⤵
        Drops file in System32 directory
        
        PID:2392
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        645⤵
        
        PID:1040
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        646⤵
        
        PID:2504
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        647⤵
        
        PID:2152
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        648⤵
        
        PID:976
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        649⤵
        
        PID:444
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        650⤵
        
        PID:612
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        651⤵
        
        PID:2400
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        652⤵
        
        PID:1756
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        653⤵
        
        PID:1920
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        654⤵
        
        PID:2932
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        655⤵
        
        PID:2440
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        656⤵
        
        PID:2964
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        657⤵
        
        PID:960
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        658⤵
        
        PID:904
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        659⤵
        
        PID:1348
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        660⤵
        
        PID:2824
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        661⤵
        
        PID:2880
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        662⤵
        
        PID:2356
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        663⤵
        
        PID:2940
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        664⤵
        
        PID:1436
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        665⤵
        
        PID:2180
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        666⤵
        
        PID:2104
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        667⤵
        
        PID:1768
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        668⤵
        
        PID:2972
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        669⤵
        
        PID:2908
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        670⤵
        
        PID:1572
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        671⤵
        
        PID:2796
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        672⤵
        
        PID:3028
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        673⤵
        
        PID:3020
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        674⤵
        
        PID:1524
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        675⤵
        
        PID:1716
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        676⤵
        
        PID:1336
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        677⤵
        
        PID:2828
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        678⤵
        
        PID:2532
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        679⤵
        
        PID:1800
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        680⤵
        
        PID:2892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        681⤵
        
        PID:1840
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        682⤵
        
        PID:2440
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        683⤵
        
        PID:916
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        684⤵
        
        PID:2636
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        685⤵
        
        PID:2616
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        686⤵
        Drops file in System32 directory
        
        PID:888
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        687⤵
        
        PID:2100
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        688⤵
        
        PID:264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        689⤵
        
        PID:2308
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        690⤵
        
        PID:2376
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        691⤵
        
        PID:3068
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        692⤵
        
        PID:2468
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        693⤵
        
        PID:2560
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        694⤵
        
        PID:2272
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        695⤵
        
        PID:844
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        696⤵
        
        PID:2584
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        697⤵
        
        PID:1312
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        698⤵
        
        PID:1220
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        699⤵
        
        PID:492
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        700⤵
        
        PID:2204
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        701⤵
        
        PID:3020
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        702⤵
        
        PID:1592
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        703⤵
        
        PID:2520
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        704⤵
        Drops file in System32 directory
        
        PID:1336
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        705⤵
        
        PID:2828
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        706⤵
        
        PID:1604
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        707⤵
        
        PID:1316
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        708⤵
        
        PID:2892
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        709⤵
        
        PID:1840
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        710⤵
        
        PID:2440
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        711⤵
        
        PID:1180
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        712⤵
        
        PID:2900
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        713⤵
        
        PID:1920
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        714⤵
        Drops file in System32 directory
        
        PID:2076
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        715⤵
        
        PID:2276
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        716⤵
        
        PID:1532
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        717⤵
        
        PID:2308
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        718⤵
        
        PID:2444
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        719⤵
        
        PID:548
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        720⤵
        Drops file in System32 directory
        
        PID:1812
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        721⤵
        
        PID:2624
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        722⤵
        
        PID:2272
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        723⤵
        Drops file in System32 directory
        
        PID:1984
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        724⤵
        
        PID:2968
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        725⤵
        
        PID:1512
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        726⤵
        
        PID:1928
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        727⤵
        
        PID:1804
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        728⤵
        
        PID:2736
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        729⤵
        
        PID:2592
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        730⤵
        
        PID:2576
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        731⤵
        
        PID:1688
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        732⤵
        
        PID:552
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        733⤵
        
        PID:1952
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        734⤵
        Drops file in System32 directory
        
        PID:2020
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        735⤵
        
        PID:1296
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        736⤵
        
        PID:292
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        737⤵
        
        PID:2140
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        738⤵
        
        PID:2484
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        739⤵
        
        PID:2760
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        740⤵
        
        PID:2724
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        741⤵
        
        PID:1644
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        742⤵
        
        PID:2876
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        743⤵
        
        PID:1424
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        744⤵
        
        PID:1848
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        745⤵
        
        PID:1184
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        746⤵
        
        PID:2728
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        747⤵
        
        PID:2640
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        748⤵
        
        PID:1976
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        749⤵
        
        PID:2972
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        750⤵
        
        PID:540
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        751⤵
        
        PID:764
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        752⤵
        
        PID:2156
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        753⤵
        Drops file in System32 directory
        
        PID:1512
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        754⤵
        
        PID:1928
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        755⤵
        
        PID:1804
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        756⤵
        
        PID:1904
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        757⤵
        
        PID:2592
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        758⤵
        
        PID:2576
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        759⤵
        
        PID:1688
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        760⤵
        
        PID:552
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        761⤵
        
        PID:1952
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        762⤵
        
        PID:2588
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        763⤵
        
        PID:2692
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        764⤵
        
        PID:1264
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        765⤵
        Drops file in System32 directory
        
        PID:1956
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        766⤵
        
        PID:1932
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        767⤵
        
        PID:2192
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        768⤵
        
        PID:2372
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        769⤵
        
        PID:1792
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        770⤵
        
        PID:2544
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        771⤵
        
        PID:872
        
        C:\WINDOWS\system32\dllcache\temp.exe
        
        "C:\WINDOWS\system32\dllcache\temp.exe"
        772⤵
        
        PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\dllcache\stub.exe

Filesize
1KB

MD5
6c2bfce19a3992d3518caebb2eb8d230

SHA1
353eb09a1e94e8107a0d7692424cccbf0563b282

SHA256
4a58fe7e5abac5b355fa424b950ba2b74cef8733e2977a959a7a5d9497ffe130

SHA512
235a2b0be2835ca82ba039b2c638012e041f58a45671e5f260c5142e2d2d7374f69ad01c63574c32c796849a7d20b74d8d528df7a3368aea05bfde60dc821c2c

Download Submit
C:\Windows\System32\dllcache\temp.exe

Filesize
82KB

MD5
03bd7cae039e262c631fb39ebc1211ff

SHA1
06d4dff49e1bdbf84d4b73d76d82229b743c2cd6

SHA256
1dbbbc1945c70764b2fd23abe297dd0491887310aaeacb8df57c52217795a346

SHA512
4013b7227fbb55b7c4bf4c719fdd20c41f7440fb885e6bca5faefb98678e17b3c02365202d250d30d903617cf82f6a5b37f090b23f27d4bf0fa7ec564a4b4673

Download Submit
memory/2648-10-0x00000000002E0000-0x00000000002FC000-memory.dmp

Filesize
112KB

Download
memory/2648-1842-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2648-0-0x000007FEF53CE000-0x000007FEF53CF000-memory.dmp

Filesize
4KB

Download
memory/2648-2-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2648-3-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2648-2670-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2648-1-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2648-2665-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2648-2521-0x000007FEF53CE000-0x000007FEF53CF000-memory.dmp

Filesize
4KB

Download
memory/2688-16-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2688-69-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2688-49-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2688-27-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download
memory/2688-22-0x000007FEF5110000-0x000007FEF5AAD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads