872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac

Analysis

max time kernel
177s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
Size

652KB
MD5

6df8ee8cbd2e96fd9350503ce1089a38
SHA1

0accbd90a292fadb74d12d22cc37720250b92121
SHA256

872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac
SHA512

b7ca12014ed56adffc5d9bc85c1a0cff9a1c8fbdca5dc3a14941cb60be5eaab920ffb36de2a84998cb31536cdcbc14b7db7ee5d235af40a76ba06e0f874f95fb
SSDEEP

3072:2d5WXpYI+538b8Hpd3cN+UQTvK96iCAn+hQn2ThLUcuf1N29J2FAL/yVSZ4R0Dlj:5ov2KL/yVSZ4R0D

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3576-135-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3576-138-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3576-139-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3576-154-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4880-160-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4880-176-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/1212-185-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4784-189-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/1212-191-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/1212-204-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4432-212-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3480-214-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4432-221-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4432-232-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4496-238-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2708-241-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2708-248-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2708-266-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3812-272-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4680-269-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4680-289-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4184-300-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/5104-303-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4184-319-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3444-327-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/1800-325-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/1800-343-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4172-352-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2828-360-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2828-363-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2608-375-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/444-384-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/660-380-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2828-382-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/660-402-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/444-408-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/1808-413-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2712-418-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/444-394-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/660-388-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/1808-421-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/2712-439-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3364-442-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/3364-451-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4088-452-0x0000000000400000-0x0000000000472000-memory.dmp	upx
behavioral2/memory/4088-462-0x0000000000400000-0x0000000000472000-memory.dmp	upx

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 5056 set thread context of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 3576 set thread context of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 5056 set thread context of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 4880 set thread context of 712	4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	87
PID 4784 set thread context of 1784	4784	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	88
PID 5056 set thread context of 3480	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	89
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 4432	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	90
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 1212 set thread context of 808	1212	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	91
PID 5056 set thread context of 4496	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	92
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 3480 set thread context of 5008	3480	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	93
PID 5056 set thread context of 2708	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	94
PID 4432 set thread context of 1956	4432	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	95
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 3812	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	96
PID 4496 set thread context of 3632	4496	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	97
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 4680	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	98
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 2708 set thread context of 4980	2708	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	99
PID 5056 set thread context of 5104	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	100
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 3812 set thread context of 4840	3812	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	105
PID 5056 set thread context of 4184	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	101
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 4680 set thread context of 2168	4680	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	102
PID 5056 set thread context of 3444	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	103
PID 5104 set thread context of 3200	5104	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	104
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 1800	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	106
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 4184 set thread context of 1012	4184	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	107
PID 5056 set thread context of 4172	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	108
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 3444 set thread context of 5080	3444	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	109
PID 5056 set thread context of 2608	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	110
PID 1800 set thread context of 4996	1800	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	111
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 4172 set thread context of 4580	4172	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	113
PID 5056 set thread context of 2828	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	112
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 660	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	114
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 2608 set thread context of 4668	2608	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	115
PID 5056 set thread context of 444	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	116
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 2828 set thread context of 1684	2828	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	117
PID 5056 set thread context of 1808	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	118
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 660 set thread context of 3608	660	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	119
PID 5056 set thread context of 2712	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	120
PID 444 set thread context of 2952	444	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	121
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 set thread context of 3364	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	122
PID 5056 set thread context of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 1808 set thread context of 2816	1808	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	124

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1692	1500	WerFault.exe	302

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4784	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1212	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3480	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4432	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4496	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2708	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3812	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4680	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
5104	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4184	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3444	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1800	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4172	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2608	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2828	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
660	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
444	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1808	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2712	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3364	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4088	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4788	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3472	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
100	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2160	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4972	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3136	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4268	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2508	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4052	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4340	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3596	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3652	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3924	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2184	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3516	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1144	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3208	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4240	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1492	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3544	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3096	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3160	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4256	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1092	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
220	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3424	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3660	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1524	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1676	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
216	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1308	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4048	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2012	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
5112	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
812	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
4224	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3676	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
1164	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
2520	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
3672	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 3576	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	82
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 4880	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	83
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 3576 wrote to memory of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 3576 wrote to memory of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 3576 wrote to memory of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 3576 wrote to memory of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 3576 wrote to memory of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 3576 wrote to memory of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 3576 wrote to memory of 4872	3576	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	84
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 4784	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	85
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 5056 wrote to memory of 1212	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	86
PID 4880 wrote to memory of 712	4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	87
PID 4880 wrote to memory of 712	4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	87
PID 4880 wrote to memory of 712	4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	87
PID 4880 wrote to memory of 712	4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	87
PID 4880 wrote to memory of 712	4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	87
PID 4880 wrote to memory of 712	4880	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe	87
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
PID 5056 wrote to memory of 0	5056	872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe

C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
"C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3576
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4872
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4880
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:712
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:4784
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1784
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:1212
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:808
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:3480
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5008
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:4432
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1956
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:4496
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3632
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4980
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4840
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:4680
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2168
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:5104
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3200
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:4184
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1012
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:3444
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5080
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:1800
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4996
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:4172
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4580
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4668
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1684
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:660
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3608
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:444
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2952
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:1808
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2816
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3364
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4904
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4088
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4824
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4788
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2008
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4256
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:696
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3160
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4508
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3544
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3044
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:220
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2536
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:100
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2044
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3424
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1520
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3472
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:636
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2372
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4972
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4280
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3136
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1088
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3660
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3960
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4268
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4244
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3208
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3592
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1432
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4736
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4240
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3196
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3924
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1232
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3516
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1980
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1020
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4392
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3652
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3060
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4340
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:836
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3276
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3560
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3096
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:424
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4084
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1492
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1892
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1676
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:316
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1368
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2268
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:216
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2216
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1308
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1140
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2884
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4896
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5112
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:548
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:812
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2188
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4224
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3080
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3676
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3992
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1164
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3532
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3996
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3672
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4568
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1312
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:532
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:260
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4560
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4876
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3692
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1080
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3236
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3120
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4452
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4076
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2316
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:960
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2288
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:740
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5068
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4888
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3976
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:916
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4604
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1608
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1460
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4528
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:624
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3908
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1588
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:440
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:884
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1532
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3328
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4092
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1216
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4576
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2912
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2944
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1004
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3380
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4596
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4820
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4328
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5012
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4296
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4740
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:844
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:5032
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3004
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3648
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4564
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2860
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5048
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:5084
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4756
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:832
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3064
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1224
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1324
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3468
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3420
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4384
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3760
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4520
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4552
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2524
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3416
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1864
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:620
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1620
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1244
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4612
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3084
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3988
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3128
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5076
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1168
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4196
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3740
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1828
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2468
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3464
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1928
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1500
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 440
    3⤵
    - Program crash
    PID:1692
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:736
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3780
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4400
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:396
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4640
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1972
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4856
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3868
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1444
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3484
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3856
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4260
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3604
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3932
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4652
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4180
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4860
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2892
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4952
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1816
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4104
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4844
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1632
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4764
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4732
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4704
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3968
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3348
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3344
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4664
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4584
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5116
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4216
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4556
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3600
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3836
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:528
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1908
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2972
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4036
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3656
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4100
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3384
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1056
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4688
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1932
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:956
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:880
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4808
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4456
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3752
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3948
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1440
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3748
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3920
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:5040
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4636
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4964
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2784
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1692
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:616
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5072
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3088
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2832
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1136
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4204
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:968
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:992
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2272
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4312
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4616
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4316
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1484
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4692
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2072
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1488
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1912
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3300
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1872
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4056
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1592
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4868
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:5100
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:4252
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1208
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3720
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4176
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:540
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3476
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2196
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1844
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1332
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:1924
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3448
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4716
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:2852
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4516
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:376
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:380
- - C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
    "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
    3⤵
    PID:3232
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:4848
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:1380
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe
  "C:\Users\Admin\AppData\Local\Temp\872974efff64b65378552a401d373a07401d12ac36a8afbdfb93eed75c999bac.exe"
  2⤵
  PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1500 -ip 1500
1⤵
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/0-157-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/0-249-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/0-137-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/0-235-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/0-145-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/0-181-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/0-225-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/0-208-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/444-394-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/444-408-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/444-384-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/660-380-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/660-388-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/660-402-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/712-188-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/712-243-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/808-217-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1012-323-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1212-191-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1212-185-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1212-204-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1784-183-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1800-325-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1800-343-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1808-421-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1808-413-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/1956-246-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2168-298-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2608-375-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2708-266-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2708-241-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2708-248-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2712-439-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2712-418-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2816-449-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2828-382-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2828-363-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2828-360-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2952-409-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3200-295-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3364-451-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3364-442-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3444-327-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3480-214-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3576-139-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3576-138-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3576-135-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3576-154-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/3608-424-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3632-245-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3812-272-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4088-462-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4088-452-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4172-352-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4184-319-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4184-300-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4432-232-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4432-221-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4432-212-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4496-238-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4580-355-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4668-391-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4680-289-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4680-269-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4784-189-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4840-297-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4872-149-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4872-161-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4880-176-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4880-160-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/4904-466-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4916-446-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4980-274-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/5008-215-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/5080-326-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/5104-303-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download