neshta | d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bc

Analysis

max time kernel
6s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
Size

719KB
MD5

d5fa75ad1ce07b13a32b8b5acd7c29f0
SHA1

e92121b871b9bc85fdc2d871909a33bc02e46420
SHA256

d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bc
SHA512

3dacc8ac1dc09298e211799f276487e72a4acf49b3781db41f0485d5451f06daf1ad9da2a55c8e421ce7a1c863bd33d46f31eec96ef2f720e68ee9b6858b6ebb
SSDEEP

6144:k972+Mq9zntr0sfGxhfLyYB4AYB4ruJqLOuDUm6QglV5MxqZ1zSAzSnUE4kwIz+Y:g2FqPz4UmTAV5MczzSAzStZz+p1k5

Score

10^/10

neshta discovery persistence spyware

Malware Config

Signatures

Detect Neshta payload 64 IoCs

resource	yara_rule
behavioral2/files/0x000b000000023b90-4.dat	family_neshta
behavioral2/files/0x000a000000023b94-10.dat	family_neshta
behavioral2/memory/1880-27-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1140-17-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3252-28-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/5088-33-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/632-34-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1840-38-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/5084-57-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1736-46-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3140-58-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3232-62-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/756-70-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3268-81-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/640-82-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4232-93-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1764-94-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1820-98-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/620-106-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3460-117-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3852-118-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4108-122-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3604-130-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4964-131-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3980-135-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/396-143-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2244-147-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1860-155-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2500-166-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4804-171-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2004-170-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2120-179-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1544-189-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1952-191-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1744-193-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2968-199-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/232-201-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4876-207-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4796-209-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1260-215-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/224-222-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3252-223-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4228-229-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/632-231-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3176-233-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/384-239-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1648-247-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/5016-245-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3116-248-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4512-250-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1496-256-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4088-258-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/3392-264-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2756-271-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/976-272-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4928-274-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/2520-280-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4424-287-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/228-288-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/432-290-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4708-296-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4300-298-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1720-304-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1416-306-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Neshta family
neshta

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	D04B73~1.EXE

Executes dropped EXE 5 IoCs

pid	Process
5016	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
1140	svchost.com
1880	D04B73~1.EXE
3252	svchost.com
5088	D04B73~1.EXE

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\directx.sys	D04B73~1.EXE
File opened for modification	C:\Windows\svchost.com	D04B73~1.EXE
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
File opened for modification	C:\Windows\svchost.com	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	D04B73~1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	D04B73~1.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 5016	3604	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe	84
PID 3604 wrote to memory of 5016	3604	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe	84
PID 3604 wrote to memory of 5016	3604	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe	84
PID 5016 wrote to memory of 1140	5016	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe	488
PID 5016 wrote to memory of 1140	5016	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe	488
PID 5016 wrote to memory of 1140	5016	d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe	488
PID 1140 wrote to memory of 1880	1140	svchost.com	86
PID 1140 wrote to memory of 1880	1140	svchost.com	86
PID 1140 wrote to memory of 1880	1140	svchost.com	86
PID 1880 wrote to memory of 3252	1880	D04B73~1.EXE	515
PID 1880 wrote to memory of 3252	1880	D04B73~1.EXE	515
PID 1880 wrote to memory of 3252	1880	D04B73~1.EXE	515
PID 3252 wrote to memory of 5088	3252	svchost.com	164
PID 3252 wrote to memory of 5088	3252	svchost.com	164
PID 3252 wrote to memory of 5088	3252	svchost.com	164

C:\Users\Admin\AppData\Local\Temp\d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
"C:\Users\Admin\AppData\Local\Temp\d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe"
1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Users\Admin\AppData\Local\Temp\3582-490\d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe
  "C:\Users\Admin\AppData\Local\Temp\3582-490\d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:5016
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
      C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1880
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        6⤵
        Executes dropped EXE
        
        PID:5088
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        8⤵
        
        PID:1840
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        10⤵
        
        PID:5084
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        11⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        12⤵
        
        PID:3232
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        13⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        14⤵
        
        PID:3268
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        15⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        16⤵
        
        PID:4232
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        17⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        18⤵
        
        PID:1820
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        19⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        20⤵
        
        PID:3460
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        21⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        22⤵
        
        PID:4108
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        23⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        24⤵
        
        PID:3980
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        25⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        26⤵
        
        PID:2244
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        27⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        28⤵
        
        PID:2500
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        29⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        30⤵
        
        PID:4804
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        31⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        32⤵
        
        PID:1544
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        33⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        34⤵
        
        PID:1744
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        35⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        36⤵
        
        PID:232
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        37⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        38⤵
        
        PID:4796
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        39⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        40⤵
        
        PID:224
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        41⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        42⤵
        
        PID:4228
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        43⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        44⤵
        
        PID:3176
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        45⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        46⤵
        
        PID:1648
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        47⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        48⤵
        
        PID:4512
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        49⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        50⤵
        
        PID:4088
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        51⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        52⤵
        
        PID:2756
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        53⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        54⤵
        
        PID:4928
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        55⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        56⤵
        
        PID:4424
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        57⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        58⤵
        
        PID:432
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        59⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        60⤵
        
        PID:4300
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        61⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        62⤵
        
        PID:1416
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        63⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        64⤵
        
        PID:336
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        65⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        66⤵
        
        PID:5068
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        67⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        68⤵
        
        PID:3248
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        69⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        70⤵
        
        PID:3760
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        71⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        72⤵
        
        PID:4456
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        73⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        74⤵
        
        PID:2092
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        75⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        76⤵
        
        PID:4508
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        77⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        78⤵
        
        PID:5060
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        79⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        80⤵
        
        PID:1584
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        81⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        82⤵
        
        PID:5088
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        83⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        84⤵
        
        PID:1840
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        85⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        86⤵
        
        PID:2728
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        87⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        88⤵
        
        PID:2988
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        89⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        90⤵
        
        PID:4968
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        91⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        92⤵
        
        PID:4216
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        93⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        94⤵
        
        PID:3068
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        95⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        96⤵
        
        PID:3756
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        97⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        98⤵
        
        PID:2096
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        99⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        100⤵
        
        PID:336
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        101⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        102⤵
        
        PID:404
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        103⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        104⤵
        
        PID:1740
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        105⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        106⤵
        
        PID:3940
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        107⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        108⤵
        
        PID:2092
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        109⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        110⤵
        
        PID:1568
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        111⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        112⤵
        
        PID:4908
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        113⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        114⤵
        
        PID:536
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        115⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        116⤵
        
        PID:1224
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        117⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        118⤵
        
        PID:4304
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        119⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        120⤵
        
        PID:2872
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        121⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        122⤵
        
        PID:3284
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        123⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        124⤵
        
        PID:4220
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        125⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        126⤵
        
        PID:1504
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        127⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        128⤵
        
        PID:2276
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        129⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        130⤵
        
        PID:3748
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        131⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        132⤵
        
        PID:1276
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        133⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        134⤵
        
        PID:232
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        135⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        136⤵
        
        PID:1132
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        137⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        138⤵
        
        PID:3516
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        139⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        140⤵
        
        PID:4616
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        141⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        142⤵
        
        PID:1408
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        143⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        144⤵
        
        PID:4704
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        145⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        146⤵
        
        PID:2872
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        147⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        148⤵
        
        PID:4744
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        149⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        150⤵
        
        PID:884
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        151⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        152⤵
        
        PID:2004
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        153⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        154⤵
        
        PID:1380
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        155⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        156⤵
        
        PID:4572
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        157⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        158⤵
        
        PID:1808
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        159⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        160⤵
        
        PID:4456
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        161⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        162⤵
        
        PID:3596
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        163⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        164⤵
        
        PID:5028
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        165⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        166⤵
        
        PID:4816
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        167⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        168⤵
        
        PID:3060
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        169⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        170⤵
        
        PID:1640
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        171⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        172⤵
        
        PID:976
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        173⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        174⤵
        
        PID:3236
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        175⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        176⤵
        
        PID:620
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        177⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        178⤵
        
        PID:4896
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        179⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        180⤵
        
        PID:5064
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        181⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        182⤵
        
        PID:3892
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        183⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        184⤵
        
        PID:1604
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        185⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        186⤵
        
        PID:2624
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        187⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        188⤵
        
        PID:1512
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        189⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        190⤵
        
        PID:4428
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        191⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        192⤵
        
        PID:4616
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        193⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        194⤵
        
        PID:536
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        195⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        196⤵
        
        PID:4816
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        197⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        198⤵
        
        PID:3264
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        199⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        200⤵
        
        PID:2700
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        201⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        202⤵
        
        PID:3284
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        203⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        204⤵
        
        PID:1368
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        205⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        206⤵
        
        PID:4744
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        207⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        208⤵
        
        PID:2768
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        209⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        210⤵
        
        PID:4804
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        211⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        212⤵
        
        PID:404
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        213⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        214⤵
        
        PID:3892
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        215⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        216⤵
        
        PID:1604
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        217⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        218⤵
        
        PID:1728
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        219⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        220⤵
        
        PID:4984
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        221⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        222⤵
        
        PID:4428
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        223⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        224⤵
        
        PID:384
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        225⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        226⤵
        
        PID:4736
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        227⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        228⤵
        
        PID:4384
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        229⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        230⤵
        
        PID:448
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        231⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        232⤵
        
        PID:4632
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        233⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        234⤵
        
        PID:4216
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        235⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        236⤵
        
        PID:4708
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        237⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        238⤵
        
        PID:832
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        239⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        240⤵
        
        PID:884
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        241⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        242⤵
        
        PID:4740
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        243⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        244⤵
        
        PID:2120
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        245⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        246⤵
        
        PID:2720
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        247⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        248⤵
        
        PID:2116
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        249⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        250⤵
        
        PID:4572
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        251⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        252⤵
        
        PID:2380
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        253⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        254⤵
        
        PID:3184
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        255⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        256⤵
        
        PID:4952
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        257⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        258⤵
        
        PID:4408
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        259⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        260⤵
        
        PID:3268
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        261⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        262⤵
        
        PID:3580
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        263⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        264⤵
        
        PID:4160
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        265⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        266⤵
        
        PID:4968
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        267⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        268⤵
        
        PID:2272
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        269⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        270⤵
        
        PID:2864
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        271⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        272⤵
        
        PID:2356
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        273⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        274⤵
        
        PID:376
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        275⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        276⤵
        
        PID:2996
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        277⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        278⤵
        
        PID:2560
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        279⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        280⤵
        
        PID:4500
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        281⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        282⤵
        
        PID:864
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        283⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        284⤵
        
        PID:4336
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        285⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        286⤵
        
        PID:2612
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        287⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        288⤵
        
        PID:1212
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        289⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        290⤵
        
        PID:1412
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        291⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        292⤵
        
        PID:4704
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        293⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        294⤵
        
        PID:1216
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        295⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        296⤵
        
        PID:1128
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        297⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        298⤵
        
        PID:4116
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        299⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        300⤵
        
        PID:1160
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        301⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        302⤵
        
        PID:4964
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        303⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        304⤵
        
        PID:2648
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        305⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        306⤵
        
        PID:2312
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        307⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        308⤵
        
        PID:4516
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        309⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        310⤵
        
        PID:432
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        311⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        312⤵
        
        PID:3892
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        313⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        314⤵
        
        PID:1604
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        315⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        316⤵
        
        PID:4876
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        317⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        318⤵
        
        PID:5000
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        319⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        320⤵
        
        PID:336
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        321⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        322⤵
        
        PID:3204
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        323⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        324⤵
        
        PID:1600
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        325⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        326⤵
        
        PID:3736
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        327⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        328⤵
        
        PID:3060
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        329⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        330⤵
        
        PID:840
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        331⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        332⤵
        
        PID:1508
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        333⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        334⤵
        
        PID:2272
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        335⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        336⤵
        
        PID:4392
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        337⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        338⤵
        
        PID:2648
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        339⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        340⤵
        
        PID:2144
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        341⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        342⤵
        
        PID:2860
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        343⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        344⤵
        
        PID:2208
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        345⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        346⤵
        
        PID:4596
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        347⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        348⤵
        
        PID:320
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        349⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        350⤵
        
        PID:1512
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        351⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        352⤵
        
        PID:3404
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        353⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        354⤵
        
        PID:632
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        355⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        356⤵
        
        PID:2580
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        357⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        358⤵
        
        PID:2456
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        359⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        360⤵
        
        PID:388
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        361⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        362⤵
        
        PID:4028
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        363⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        364⤵
        
        PID:4828
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        365⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        366⤵
        
        PID:840
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        367⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        368⤵
        
        PID:1420
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        369⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        370⤵
        
        PID:2428
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        371⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        372⤵
        
        PID:3680
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        373⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        374⤵
        
        PID:2648
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        375⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        376⤵
        
        PID:5100
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        377⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        378⤵
        
        PID:2120
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        379⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        380⤵
        
        PID:2208
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        381⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        382⤵
        
        PID:2116
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        383⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        384⤵
        
        PID:4228
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        385⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        386⤵
        
        PID:1512
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        387⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        388⤵
        
        PID:2620
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        389⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        390⤵
        
        PID:1408
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        391⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        392⤵
        
        PID:1140
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        393⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        394⤵
        
        PID:4816
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        395⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        396⤵
        
        PID:3240
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        397⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        398⤵
        
        PID:692
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        399⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        400⤵
        
        PID:4396
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        401⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        402⤵
        
        PID:3228
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        403⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        404⤵
        
        PID:4656
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        405⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        406⤵
        
        PID:4356
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        407⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        408⤵
        
        PID:2264
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        409⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        410⤵
        
        PID:744
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        411⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        412⤵
        
        PID:3388
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        413⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        414⤵
        
        PID:4536
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        415⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        416⤵
        
        PID:3892
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        417⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        418⤵
        
        PID:4608
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        419⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        420⤵
        
        PID:3752
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        421⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        422⤵
        
        PID:2584
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        423⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        424⤵
        
        PID:2000
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        425⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        426⤵
        
        PID:1412
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        427⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        428⤵
        
        PID:2456
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        429⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        430⤵
        
        PID:1216
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        431⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        432⤵
        
        PID:1972
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        433⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        434⤵
        
        PID:4828
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        435⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        436⤵
        
        PID:2888
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        437⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        438⤵
        
        PID:1360
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        439⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        440⤵
        
        PID:4392
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        441⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        442⤵
        
        PID:1876
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        443⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        444⤵
        
        PID:2164
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        445⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        446⤵
        
        PID:4472
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        447⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        448⤵
        
        PID:232
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        449⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        450⤵
        
        PID:5004
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        451⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        452⤵
        
        PID:3892
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        453⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        454⤵
        
        PID:532
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        455⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        456⤵
        
        PID:1704
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        457⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        458⤵
        
        PID:2584
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        459⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        460⤵
        
        PID:2000
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        461⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        462⤵
        
        PID:1716
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        463⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        464⤵
        
        PID:2716
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        465⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        466⤵
        
        PID:3060
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        467⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        468⤵
        
        PID:2436
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        469⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        470⤵
        
        PID:1804
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        471⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        472⤵
        
        PID:4504
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        473⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        474⤵
        
        PID:1344
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        475⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        476⤵
        
        PID:4896
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        477⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        478⤵
        
        PID:2356
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        479⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        480⤵
        
        PID:1620
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        481⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        482⤵
        
        PID:3940
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        483⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        484⤵
        
        PID:1808
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        485⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        486⤵
        
        PID:4508
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        487⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        488⤵
        
        PID:3312
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        489⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        490⤵
        
        PID:2892
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        491⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        492⤵
        
        PID:1840
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        493⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        494⤵
        
        PID:4700
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        495⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        496⤵
        
        PID:2124
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        497⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        498⤵
        
        PID:2580
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        499⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        500⤵
        
        PID:3856
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        501⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        502⤵
        
        PID:2384
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        503⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        504⤵
        
        PID:4928
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        505⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        506⤵
        
        PID:3272
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        507⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        508⤵
        
        PID:808
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        509⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        510⤵
        
        PID:3276
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        511⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        512⤵
        
        PID:3852
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        513⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        514⤵
        
        PID:884
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        515⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        516⤵
        
        PID:3248
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        517⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        518⤵
        
        PID:2216
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        519⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        520⤵
        
        PID:3528
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        521⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        522⤵
        
        PID:3732
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        523⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        524⤵
        
        PID:3688
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        525⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        526⤵
        
        PID:2624
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        527⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        528⤵
        
        PID:4152
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        529⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        530⤵
        
        PID:2172
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        531⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        532⤵
        
        PID:3288
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        533⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        534⤵
        
        PID:4816
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        535⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        536⤵
        
        PID:5084
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        537⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        538⤵
        
        PID:764
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        539⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        540⤵
        
        PID:4632
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        541⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        542⤵
        
        PID:2724
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        543⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        544⤵
        
        PID:4968
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        545⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        546⤵
        
        PID:1272
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        547⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        548⤵
        
        PID:4356
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        549⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        550⤵
        
        PID:2276
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        551⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        552⤵
        
        PID:2284
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        553⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        554⤵
        
        PID:3388
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        555⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        556⤵
        
        PID:5104
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        557⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        558⤵
        
        PID:4520
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        559⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        560⤵
        
        PID:1060
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        561⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        562⤵
        
        PID:3532
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        563⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        564⤵
        
        PID:1052
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        565⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        566⤵
        
        PID:3068
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        567⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        568⤵
        
        PID:776
        
        C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE"
        569⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\D04B73~1.EXE
        570⤵
        
        PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3582-490\d04b73d07b61680bda170eb86a5a65ad62e0e3b122ff577251449e5d58bb19bcN.exe

Filesize
678KB

MD5
29ad6ee4e4246f8bdac4ace4189967ac

SHA1
681f9dee085cafd457fd45908ef8433869a70a77

SHA256
a07109f2a94f4c6c52e7e6c3cdfa99b85be4fd6e6f9b9e70643eb1affe2a062d

SHA512
e274921177bf7f392d6fd9b442c2d0fe06feee389c2d34780f06c7e29b69d7b41bae7981d05e60080883930b5e0129d820dd414bcf4527208729dc35cee1bb59

Download Submit
C:\Windows\directx.sys

Filesize
57B

MD5
f4b5f1d4fb94957dfaf6e4fa947acff6

SHA1
56349caa0d24ceb3cbf5d7649add8f134bcb1307

SHA256
7c693e348fe4691bc89cd0b12e3ada5ab6ba4a3c2e1e6a723dacdd20c4edf2f1

SHA512
2ccd56a05e67fb1eb01727526df18e35468fed5afee7dc6ab99560d0fa73758dc093ef93f3b64979e3bec17664569d36211541cad1fcf5754d063559b281e341

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
2a9dccc0eaceca73c7b52ddcfecd219c

SHA1
f0a19cf4500762a5f626b7397ef81412ab1308df

SHA256
84ed19d1f41ba4416353a71858ee93a6393cc425e0c0f09049cd9fa14d643a27

SHA512
a070829cc928c596ba3f989b43bd793c7ded3af14076f6e7b4425fbd06105b087a3ebd47061491e3b2250147161c45b61514c182792a8e2cb359bc1093b86358

Download Submit
memory/224-222-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/228-288-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/232-201-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/336-319-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/384-239-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/396-143-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/432-290-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/620-106-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/632-34-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/632-231-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/640-82-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/756-70-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/976-272-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1140-17-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1260-215-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1416-306-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1496-256-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1544-189-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1648-247-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1720-304-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1736-46-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1744-193-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1764-94-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1820-98-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1840-38-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1860-155-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1880-27-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1952-191-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2004-170-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2120-179-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2244-147-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2500-166-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2520-280-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2756-271-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2912-312-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2968-199-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3116-248-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3140-58-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3176-233-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3232-62-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3252-28-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3252-223-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3268-81-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3392-264-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3460-117-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3604-130-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3852-118-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3980-135-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4088-258-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4108-122-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4228-229-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4232-93-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4300-298-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4424-287-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4512-250-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4708-296-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4796-209-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4804-171-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4876-207-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4928-274-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4964-131-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5016-245-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5084-57-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5088-33-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads