af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad

Analysis

max time kernel
188s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 01:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Size

92KB
MD5

39a99fd8cade75608df521ed09c627b0
SHA1

8cf0e9a6ef824df7b04e11d394f757a040afbd2d
SHA256

af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad
SHA512

434f13b0bcdd490bb9c973574eab6b1efccbee5de95b690f01d1e5ef1ea882089971cedd040bfa12d995ec9281f357ae544e87bf6ee7d48d7cc93a3c16d15a18
SSDEEP

1536:AEECv+LztIYgpv6UABPI6xxs4+gE9hQ+dfoD1C5/J48sW+Cm5f6x+esQI:AESLBc6xBA6eVLdfsCXojz6xTI

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1748	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1748	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1748	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1096	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1096	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1096	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1328	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1328	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1328	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1336	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1336	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1336	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1212	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1212	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1212	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1736	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1736	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1736	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1752	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1752	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1752	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1468	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1468	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1468	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1152	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1152	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1152	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1176	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1176	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1176	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	544	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	544	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	544	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	1980	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: 33	1980	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeIncBasePriorityPrivilege	1980	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
Token: SeDebugPrivilege	2016	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1652	1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	28
PID 1704 wrote to memory of 1652	1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	28
PID 1704 wrote to memory of 1652	1704	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	28
PID 1652 wrote to memory of 952	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	29
PID 1652 wrote to memory of 952	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	29
PID 1652 wrote to memory of 952	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	29
PID 952 wrote to memory of 1460	952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	30
PID 952 wrote to memory of 1460	952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	30
PID 952 wrote to memory of 1460	952	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	30
PID 1460 wrote to memory of 756	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	31
PID 1460 wrote to memory of 756	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	31
PID 1460 wrote to memory of 756	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	31
PID 756 wrote to memory of 1568	756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	32
PID 756 wrote to memory of 1568	756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	32
PID 756 wrote to memory of 1568	756	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	32
PID 1568 wrote to memory of 1748	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	33
PID 1568 wrote to memory of 1748	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	33
PID 1568 wrote to memory of 1748	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	33
PID 1748 wrote to memory of 1096	1748	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	34
PID 1748 wrote to memory of 1096	1748	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	34
PID 1748 wrote to memory of 1096	1748	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	34
PID 1096 wrote to memory of 1328	1096	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	35
PID 1096 wrote to memory of 1328	1096	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	35
PID 1096 wrote to memory of 1328	1096	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	35
PID 1328 wrote to memory of 1336	1328	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	36
PID 1328 wrote to memory of 1336	1328	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	36
PID 1328 wrote to memory of 1336	1328	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	36
PID 1336 wrote to memory of 1212	1336	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	37
PID 1336 wrote to memory of 1212	1336	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	37
PID 1336 wrote to memory of 1212	1336	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	37
PID 1212 wrote to memory of 1736	1212	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	38
PID 1212 wrote to memory of 1736	1212	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	38
PID 1212 wrote to memory of 1736	1212	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	38
PID 1736 wrote to memory of 1752	1736	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	39
PID 1736 wrote to memory of 1752	1736	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	39
PID 1736 wrote to memory of 1752	1736	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	39
PID 1752 wrote to memory of 1652	1752	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	40
PID 1752 wrote to memory of 1652	1752	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	40
PID 1752 wrote to memory of 1652	1752	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	40
PID 1652 wrote to memory of 1468	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	41
PID 1652 wrote to memory of 1468	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	41
PID 1652 wrote to memory of 1468	1652	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	41
PID 1468 wrote to memory of 1460	1468	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	42
PID 1468 wrote to memory of 1460	1468	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	42
PID 1468 wrote to memory of 1460	1468	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	42
PID 1460 wrote to memory of 1152	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	43
PID 1460 wrote to memory of 1152	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	43
PID 1460 wrote to memory of 1152	1460	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	43
PID 1152 wrote to memory of 1568	1152	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	44
PID 1152 wrote to memory of 1568	1152	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	44
PID 1152 wrote to memory of 1568	1152	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	44
PID 1568 wrote to memory of 1176	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	45
PID 1568 wrote to memory of 1176	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	45
PID 1568 wrote to memory of 1176	1568	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	45
PID 1176 wrote to memory of 544	1176	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	46
PID 1176 wrote to memory of 544	1176	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	46
PID 1176 wrote to memory of 544	1176	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	46
PID 544 wrote to memory of 1980	544	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	47
PID 544 wrote to memory of 1980	544	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	47
PID 544 wrote to memory of 1980	544	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	47
PID 1980 wrote to memory of 2016	1980	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	143
PID 1980 wrote to memory of 2016	1980	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	143
PID 1980 wrote to memory of 2016	1980	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	143
PID 2016 wrote to memory of 1552	2016	af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe	49

C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
"C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
  C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
    C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
      C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        8⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        9⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        10⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        11⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        12⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        13⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        14⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        15⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        16⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        17⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        18⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        19⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        20⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        21⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        22⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        23⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        24⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        25⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        26⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        27⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        28⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        29⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        30⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        31⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        32⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        33⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        34⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        35⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        36⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        37⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        38⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        39⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        40⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        41⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        42⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        43⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        44⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        45⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        46⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        47⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        48⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        49⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        50⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        51⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        52⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        53⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        54⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        55⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        56⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        57⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        58⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        59⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        60⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        61⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        62⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        63⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        64⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        65⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        66⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        67⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        68⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        69⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        70⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        71⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        72⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        73⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        74⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        75⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        76⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        77⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        78⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        79⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        80⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        81⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        82⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        83⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        84⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        85⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        86⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        87⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        88⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        89⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        90⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        91⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        92⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        93⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        94⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        95⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        96⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        97⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        98⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        99⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        100⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        101⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        102⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        103⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        104⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        105⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        106⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        107⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        108⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        109⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        110⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        111⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        112⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        113⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        114⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        115⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        116⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        117⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        118⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        119⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        120⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        121⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        122⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        123⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        124⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        125⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        126⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        127⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        128⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        129⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        130⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        131⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        132⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        133⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        134⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        135⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        136⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        137⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        138⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        139⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        140⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        141⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        142⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        143⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        144⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        145⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        146⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        147⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        148⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        149⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        150⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        151⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        152⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        153⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        154⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        155⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        156⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        157⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        158⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        159⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        160⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        161⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        162⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        163⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        164⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        165⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        166⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        167⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        168⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        169⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        170⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        171⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        172⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        173⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        174⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        175⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        176⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        177⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        178⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        179⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        180⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        181⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        182⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        183⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        184⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        185⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        186⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        187⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        188⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        189⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        190⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        191⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        192⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        193⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        194⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        195⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        196⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        197⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        198⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        199⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        200⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        201⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        202⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        203⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        204⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        205⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        206⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        207⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        208⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        209⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        210⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        211⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        212⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        213⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        214⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        215⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        216⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        217⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        218⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        219⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        220⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        221⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        222⤵
        
        PID:188
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        223⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        224⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        225⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        226⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        227⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        228⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        229⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        230⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        231⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        232⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        233⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        234⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        235⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        236⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        237⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        
        C:\Users\Admin\AppData\Local\Temp\af3140da6b9e0752a8d60796d0d2bf3821a0f0430963e919e7a4fc358846e1ad.exe
        238⤵
        
        PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/296-155-0x000007FEF2C70000-0x000007FEF3D06000-memory.dmp

Filesize
16.6MB

Download
memory/296-153-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/296-201-0x0000000000B76000-0x0000000000B95000-memory.dmp

Filesize
124KB

Download
memory/296-157-0x0000000000C86000-0x0000000000CA5000-memory.dmp

Filesize
124KB

Download
memory/308-173-0x0000000000A96000-0x0000000000AB5000-memory.dmp

Filesize
124KB

Download
memory/308-170-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/308-171-0x000007FEF2790000-0x000007FEF3826000-memory.dmp

Filesize
16.6MB

Download
memory/316-162-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/316-165-0x0000000000B16000-0x0000000000B35000-memory.dmp

Filesize
124KB

Download
memory/316-163-0x000007FEF2790000-0x000007FEF3826000-memory.dmp

Filesize
16.6MB

Download
memory/316-246-0x0000000000A86000-0x0000000000AA5000-memory.dmp

Filesize
124KB

Download
memory/392-289-0x0000000000AD6000-0x0000000000AF5000-memory.dmp

Filesize
124KB

Download
memory/544-131-0x000007FEF3040000-0x000007FEF3A63000-memory.dmp

Filesize
10.1MB

Download
memory/544-132-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/544-134-0x0000000000C76000-0x0000000000C95000-memory.dmp

Filesize
124KB

Download
memory/692-284-0x0000000000B86000-0x0000000000BA5000-memory.dmp

Filesize
124KB

Download
memory/744-280-0x00000000009D6000-0x00000000009F5000-memory.dmp

Filesize
124KB

Download
memory/756-71-0x000007FEEC810000-0x000007FEED8A6000-memory.dmp

Filesize
16.6MB

Download
memory/756-74-0x0000000000A76000-0x0000000000A95000-memory.dmp

Filesize
124KB

Download
memory/756-72-0x0000000000A76000-0x0000000000A95000-memory.dmp

Filesize
124KB

Download
memory/756-70-0x000007FEF4460000-0x000007FEF4E83000-memory.dmp

Filesize
10.1MB

Download
memory/768-197-0x0000000000546000-0x0000000000565000-memory.dmp

Filesize
124KB

Download
memory/800-213-0x00000000002C6000-0x00000000002E5000-memory.dmp

Filesize
124KB

Download
memory/820-276-0x0000000000B56000-0x0000000000B75000-memory.dmp

Filesize
124KB

Download
memory/844-154-0x00000000003A6000-0x00000000003C5000-memory.dmp

Filesize
124KB

Download
memory/844-308-0x0000000000A76000-0x0000000000A95000-memory.dmp

Filesize
124KB

Download
memory/844-149-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/844-151-0x000007FEF2A30000-0x000007FEF3AC6000-memory.dmp

Filesize
16.6MB

Download
memory/912-268-0x0000000000AB6000-0x0000000000AD5000-memory.dmp

Filesize
124KB

Download
memory/912-225-0x0000000000A76000-0x0000000000A95000-memory.dmp

Filesize
124KB

Download
memory/952-62-0x000007FEF2B50000-0x000007FEF3573000-memory.dmp

Filesize
10.1MB

Download
memory/952-63-0x000007FEEC810000-0x000007FEED8A6000-memory.dmp

Filesize
16.6MB

Download
memory/952-65-0x0000000000AE6000-0x0000000000B05000-memory.dmp

Filesize
124KB

Download
memory/1068-238-0x0000000000A66000-0x0000000000A85000-memory.dmp

Filesize
124KB

Download
memory/1096-84-0x000007FEF2A00000-0x000007FEF3A96000-memory.dmp

Filesize
16.6MB

Download
memory/1096-86-0x0000000000B16000-0x0000000000B35000-memory.dmp

Filesize
124KB

Download
memory/1096-252-0x0000000000AC6000-0x0000000000AE5000-memory.dmp

Filesize
124KB

Download
memory/1096-82-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/1152-122-0x0000000000A56000-0x0000000000A75000-memory.dmp

Filesize
124KB

Download
memory/1152-119-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/1152-120-0x000007FEF29D0000-0x000007FEF3A66000-memory.dmp

Filesize
16.6MB

Download
memory/1172-229-0x0000000000BE6000-0x0000000000C05000-memory.dmp

Filesize
124KB

Download
memory/1172-272-0x0000000000B26000-0x0000000000B45000-memory.dmp

Filesize
124KB

Download
memory/1176-130-0x0000000000B76000-0x0000000000B95000-memory.dmp

Filesize
124KB

Download
memory/1176-128-0x000007FEF29D0000-0x000007FEF3A66000-memory.dmp

Filesize
16.6MB

Download
memory/1176-127-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/1212-96-0x000007FEF2450000-0x000007FEF34E6000-memory.dmp

Filesize
16.6MB

Download
memory/1212-261-0x0000000000170000-0x00000000001F0000-memory.dmp

Filesize
512KB

Download
memory/1212-99-0x0000000000AB6000-0x0000000000AD5000-memory.dmp

Filesize
124KB

Download
memory/1212-95-0x000007FEF34F0000-0x000007FEF3F13000-memory.dmp

Filesize
10.1MB

Download
memory/1236-146-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/1236-147-0x000007FEF2C70000-0x000007FEF3D06000-memory.dmp

Filesize
16.6MB

Download
memory/1236-150-0x0000000000A96000-0x0000000000AB5000-memory.dmp

Filesize
124KB

Download
memory/1320-256-0x00000000002E6000-0x0000000000305000-memory.dmp

Filesize
124KB

Download
memory/1328-177-0x0000000000AA6000-0x0000000000AC5000-memory.dmp

Filesize
124KB

Download
memory/1328-90-0x0000000000996000-0x00000000009B5000-memory.dmp

Filesize
124KB

Download
memory/1328-88-0x000007FEF2450000-0x000007FEF34E6000-memory.dmp

Filesize
16.6MB

Download
memory/1328-87-0x000007FEF34F0000-0x000007FEF3F13000-memory.dmp

Filesize
10.1MB

Download
memory/1328-175-0x000007FEF29D0000-0x000007FEF3A66000-memory.dmp

Filesize
16.6MB

Download
memory/1328-174-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/1336-304-0x0000000000B46000-0x0000000000B65000-memory.dmp

Filesize
124KB

Download
memory/1336-221-0x0000000000616000-0x0000000000635000-memory.dmp

Filesize
124KB

Download
memory/1336-91-0x000007FEF34F0000-0x000007FEF3F13000-memory.dmp

Filesize
10.1MB

Download
memory/1336-92-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/1336-94-0x0000000000A26000-0x0000000000A45000-memory.dmp

Filesize
124KB

Download
memory/1460-116-0x000007FEF2C70000-0x000007FEF3D06000-memory.dmp

Filesize
16.6MB

Download
memory/1460-67-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/1460-66-0x000007FEF2B50000-0x000007FEF3573000-memory.dmp

Filesize
10.1MB

Download
memory/1460-69-0x0000000000956000-0x0000000000975000-memory.dmp

Filesize
124KB

Download
memory/1460-115-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/1460-118-0x0000000000BA6000-0x0000000000BC5000-memory.dmp

Filesize
124KB

Download
memory/1468-112-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/1468-114-0x0000000000486000-0x00000000004A5000-memory.dmp

Filesize
124KB

Download
memory/1468-110-0x000007FEF34F0000-0x000007FEF3F13000-memory.dmp

Filesize
10.1MB

Download
memory/1472-233-0x0000000000A56000-0x0000000000A75000-memory.dmp

Filesize
124KB

Download
memory/1504-189-0x0000000000B86000-0x0000000000BA5000-memory.dmp

Filesize
124KB

Download
memory/1552-144-0x000007FEF2C40000-0x000007FEF3CD6000-memory.dmp

Filesize
16.6MB

Download
memory/1552-143-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/1568-75-0x000007FEF4460000-0x000007FEF4E83000-memory.dmp

Filesize
10.1MB

Download
memory/1568-76-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/1568-78-0x0000000000BA6000-0x0000000000BC5000-memory.dmp

Filesize
124KB

Download
memory/1568-126-0x0000000000B56000-0x0000000000B75000-memory.dmp

Filesize
124KB

Download
memory/1568-123-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/1568-124-0x000007FEF2790000-0x000007FEF3826000-memory.dmp

Filesize
16.6MB

Download
memory/1572-217-0x0000000000A66000-0x0000000000A85000-memory.dmp

Filesize
124KB

Download
memory/1596-311-0x0000000000CA6000-0x0000000000CC5000-memory.dmp

Filesize
124KB

Download
memory/1600-210-0x0000000000416000-0x0000000000435000-memory.dmp

Filesize
124KB

Download
memory/1616-186-0x0000000000A96000-0x0000000000AB5000-memory.dmp

Filesize
124KB

Download
memory/1624-264-0x0000000000B46000-0x0000000000B65000-memory.dmp

Filesize
124KB

Download
memory/1652-59-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/1652-61-0x0000000000BE6000-0x0000000000C05000-memory.dmp

Filesize
124KB

Download
memory/1652-111-0x0000000000A66000-0x0000000000A85000-memory.dmp

Filesize
124KB

Download
memory/1652-108-0x000007FEF2450000-0x000007FEF34E6000-memory.dmp

Filesize
16.6MB

Download
memory/1652-107-0x000007FEF34F0000-0x000007FEF3F13000-memory.dmp

Filesize
10.1MB

Download
memory/1652-58-0x000007FEF3580000-0x000007FEF3FA3000-memory.dmp

Filesize
10.1MB

Download
memory/1704-55-0x000007FEF24E0000-0x000007FEF3576000-memory.dmp

Filesize
16.6MB

Download
memory/1704-54-0x000007FEF3580000-0x000007FEF3FA3000-memory.dmp

Filesize
10.1MB

Download
memory/1704-57-0x0000000000B06000-0x0000000000B25000-memory.dmp

Filesize
124KB

Download
memory/1728-241-0x0000000000A36000-0x0000000000A55000-memory.dmp

Filesize
124KB

Download
memory/1732-297-0x00000000006B6000-0x00000000006D5000-memory.dmp

Filesize
124KB

Download
memory/1736-102-0x0000000000A96000-0x0000000000AB5000-memory.dmp

Filesize
124KB

Download
memory/1736-100-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/1736-98-0x000007FEF34F0000-0x000007FEF3F13000-memory.dmp

Filesize
10.1MB

Download
memory/1748-83-0x0000000000B96000-0x0000000000BB5000-memory.dmp

Filesize
124KB

Download
memory/1748-80-0x000007FEF2C40000-0x000007FEF3CD6000-memory.dmp

Filesize
16.6MB

Download
memory/1748-79-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/1752-193-0x00000000009B6000-0x00000000009D5000-memory.dmp

Filesize
124KB

Download
memory/1752-106-0x0000000000B26000-0x0000000000B45000-memory.dmp

Filesize
124KB

Download
memory/1752-104-0x000007FEF2A30000-0x000007FEF3AC6000-memory.dmp

Filesize
16.6MB

Download
memory/1752-103-0x000007FEF3F20000-0x000007FEF4943000-memory.dmp

Filesize
10.1MB

Download
memory/1756-167-0x000007FEF29D0000-0x000007FEF3A66000-memory.dmp

Filesize
16.6MB

Download
memory/1756-169-0x0000000000C76000-0x0000000000C95000-memory.dmp

Filesize
124KB

Download
memory/1756-166-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/1764-159-0x000007FEF29D0000-0x000007FEF3A66000-memory.dmp

Filesize
16.6MB

Download
memory/1764-161-0x0000000000B06000-0x0000000000B25000-memory.dmp

Filesize
124KB

Download
memory/1764-158-0x000007FEF4E00000-0x000007FEF5823000-memory.dmp

Filesize
10.1MB

Download
memory/1764-205-0x0000000000A06000-0x0000000000A25000-memory.dmp

Filesize
124KB

Download
memory/1784-300-0x0000000000696000-0x00000000006B5000-memory.dmp

Filesize
124KB

Download
memory/1976-179-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/1976-178-0x000007FEF3040000-0x000007FEF3A63000-memory.dmp

Filesize
10.1MB

Download
memory/1976-181-0x0000000000A96000-0x0000000000AB5000-memory.dmp

Filesize
124KB

Download
memory/1980-136-0x000007FEEC810000-0x000007FEED8A6000-memory.dmp

Filesize
16.6MB

Download
memory/1980-138-0x0000000000B36000-0x0000000000B55000-memory.dmp

Filesize
124KB

Download
memory/1980-135-0x000007FEF3040000-0x000007FEF3A63000-memory.dmp

Filesize
10.1MB

Download
memory/2016-142-0x00000000009B6000-0x00000000009D5000-memory.dmp

Filesize
124KB

Download
memory/2016-139-0x000007FEF3040000-0x000007FEF3A63000-memory.dmp

Filesize
10.1MB

Download
memory/2016-140-0x000007FEED8B0000-0x000007FEEE946000-memory.dmp

Filesize
16.6MB

Download
memory/2036-292-0x0000000000536000-0x0000000000555000-memory.dmp

Filesize
124KB

Download