63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264

Analysis

max time kernel
150s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Size

152KB
MD5

16edef117c7d5ae3332f2c0863b8f3e8
SHA1

ebc41889a442dd3ca7ac151ea389a2fe84aaeb45
SHA256

63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264
SHA512

2d16131a81391aba6f8f44b5f6a80b9638229cd0328da6083a79eb92329698fbcaf09ca90ab6ea6457be497b0f9add7d32610508301c9669b19d206d7dfc8c59
SSDEEP

768:T1h1Gpjw3DwVKrJLcdIFN+y3C6mTGep2UZEccJAPfTYolQ7eB8pGIy0O8y1ozz73:TpGTiK8N+yS6mQQSUIXryCSwO+qq

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1408	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1408	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1408	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
1408	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1408	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4180	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2316	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4452	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1636	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3948	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4940	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2412	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4816	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2364	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	672	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2440	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2844	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1592	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	5116	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4508	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4320	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4124	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4544	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	976	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4944	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4704	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3448	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1700	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	5092	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4136	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2520	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2104	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2616	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	5052	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2264	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4036	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2160	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2832	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4608	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	548	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	5084	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1396	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2668	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1848	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4760	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1488	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3568	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3724	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3164	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2584	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2368	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4248	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4544	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	5012	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4712	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1880	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3012	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	1892	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	5024	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	3992	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	4128	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
Token: SeDebugPrivilege	2848	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 1924	644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	80
PID 644 wrote to memory of 1924	644	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	80
PID 1924 wrote to memory of 4752	1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	81
PID 1924 wrote to memory of 4752	1924	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	81
PID 4752 wrote to memory of 3604	4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	82
PID 4752 wrote to memory of 3604	4752	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	82
PID 3604 wrote to memory of 3916	3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	83
PID 3604 wrote to memory of 3916	3604	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	83
PID 3916 wrote to memory of 1408	3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	84
PID 3916 wrote to memory of 1408	3916	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	84
PID 1408 wrote to memory of 4180	1408	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	85
PID 1408 wrote to memory of 4180	1408	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	85
PID 4180 wrote to memory of 2316	4180	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	86
PID 4180 wrote to memory of 2316	4180	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	86
PID 2316 wrote to memory of 4452	2316	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	87
PID 2316 wrote to memory of 4452	2316	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	87
PID 4452 wrote to memory of 1636	4452	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	88
PID 4452 wrote to memory of 1636	4452	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	88
PID 1636 wrote to memory of 3948	1636	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	89
PID 1636 wrote to memory of 3948	1636	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	89
PID 3948 wrote to memory of 4940	3948	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	90
PID 3948 wrote to memory of 4940	3948	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	90
PID 4940 wrote to memory of 2412	4940	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	163
PID 4940 wrote to memory of 2412	4940	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	163
PID 2412 wrote to memory of 4816	2412	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	92
PID 2412 wrote to memory of 4816	2412	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	92
PID 4816 wrote to memory of 2364	4816	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	93
PID 4816 wrote to memory of 2364	4816	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	93
PID 2364 wrote to memory of 672	2364	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	165
PID 2364 wrote to memory of 672	2364	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	165
PID 672 wrote to memory of 2440	672	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	95
PID 672 wrote to memory of 2440	672	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	95
PID 2440 wrote to memory of 2844	2440	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	96
PID 2440 wrote to memory of 2844	2440	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	96
PID 2844 wrote to memory of 1592	2844	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	97
PID 2844 wrote to memory of 1592	2844	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	97
PID 1592 wrote to memory of 5116	1592	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	98
PID 1592 wrote to memory of 5116	1592	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	98
PID 5116 wrote to memory of 4508	5116	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	99
PID 5116 wrote to memory of 4508	5116	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	99
PID 4508 wrote to memory of 4320	4508	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	100
PID 4508 wrote to memory of 4320	4508	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	100
PID 4320 wrote to memory of 4124	4320	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	101
PID 4320 wrote to memory of 4124	4320	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	101
PID 4124 wrote to memory of 4544	4124	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	138
PID 4124 wrote to memory of 4544	4124	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	138
PID 4544 wrote to memory of 976	4544	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	103
PID 4544 wrote to memory of 976	4544	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	103
PID 976 wrote to memory of 4944	976	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	104
PID 976 wrote to memory of 4944	976	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	104
PID 4944 wrote to memory of 4704	4944	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	105
PID 4944 wrote to memory of 4704	4944	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	105
PID 4704 wrote to memory of 3448	4704	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	106
PID 4704 wrote to memory of 3448	4704	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	106
PID 3448 wrote to memory of 1700	3448	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	107
PID 3448 wrote to memory of 1700	3448	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	107
PID 1700 wrote to memory of 5092	1700	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	292
PID 1700 wrote to memory of 5092	1700	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	292
PID 5092 wrote to memory of 4136	5092	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	109
PID 5092 wrote to memory of 4136	5092	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	109
PID 4136 wrote to memory of 2520	4136	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	110
PID 4136 wrote to memory of 2520	4136	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	110
PID 2520 wrote to memory of 2104	2520	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	111
PID 2520 wrote to memory of 2104	2520	63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe	111

C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
"C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:644
- C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
  C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1924
- - C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
    C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
      C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        8⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        9⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        10⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        11⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        12⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        13⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        14⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        15⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        16⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        17⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        18⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        19⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        20⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        21⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        22⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        23⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        24⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        25⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        26⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        27⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        28⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        29⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        30⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        31⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        32⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        33⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        35⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        40⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        41⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        43⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        44⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        45⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        46⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        47⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        49⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        50⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        51⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        52⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        53⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        55⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        56⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        57⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        58⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        59⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        60⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        61⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        62⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        63⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        64⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        65⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        66⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        67⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        68⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        69⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        70⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        71⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        72⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        73⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        74⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        75⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        76⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        77⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        78⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        79⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        80⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        81⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        82⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        83⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        84⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        85⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        86⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        87⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        88⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        89⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        90⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        91⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        92⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        93⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        94⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        95⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        96⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        97⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        98⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        99⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        100⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        101⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        102⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        103⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        104⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        105⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        106⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        107⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        108⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        109⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        110⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        111⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        112⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        113⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        114⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        115⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        116⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        117⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        118⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        119⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        120⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        121⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        122⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        123⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        124⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        125⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        126⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        127⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        128⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        129⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        130⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        131⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        132⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        133⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        134⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        135⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        136⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        137⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        138⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        139⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        140⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        141⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        142⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        143⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        144⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        145⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        146⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        147⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        148⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        149⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        150⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        151⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        152⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        153⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        154⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        155⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        156⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        157⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        158⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        159⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        160⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        161⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        162⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        163⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        164⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        165⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        166⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        167⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        168⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        169⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        170⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        171⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        172⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        173⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        174⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        175⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        176⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        177⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        178⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        179⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        180⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        181⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        182⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        183⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        184⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        185⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        186⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        187⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        188⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        189⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        190⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        191⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        192⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        193⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        194⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        195⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        196⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        197⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        198⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        199⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        200⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        201⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        202⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        203⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        204⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        205⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        206⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        207⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        208⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        209⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        210⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        211⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        212⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        213⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        214⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        215⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        216⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        217⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        218⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        219⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        220⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        221⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        222⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        223⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        224⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        225⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        226⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        227⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        228⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        229⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        230⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        231⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        232⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        233⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        234⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        235⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        236⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        237⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        238⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        239⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        240⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        241⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        242⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        243⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        244⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        245⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        246⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        247⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        248⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        249⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        250⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        251⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        252⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        253⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        254⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        255⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        256⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        257⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        258⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        259⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        260⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        261⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        262⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        263⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        264⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        265⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        266⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        267⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        268⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        269⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        270⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        271⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        272⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        273⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        274⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        275⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        276⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        277⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        278⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        279⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        280⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        281⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        282⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        283⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        284⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        285⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        286⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        287⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        288⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        289⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        290⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        291⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        292⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        293⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        294⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        295⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        296⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        297⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        298⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        299⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        300⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        301⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        302⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        303⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        304⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        305⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        306⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        307⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        308⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        309⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        310⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        311⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        312⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        313⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        314⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        315⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        316⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        317⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        318⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        319⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        320⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        321⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        322⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        323⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        324⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        325⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        326⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        327⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        328⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        329⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        330⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        331⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        332⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        333⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        334⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        335⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        336⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        337⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        338⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        339⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        340⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        341⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        342⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        343⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        344⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        345⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        346⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        347⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        348⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        349⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        350⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        351⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        352⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        353⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        354⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        355⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        356⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        357⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        358⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        359⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        360⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        361⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        362⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        363⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        364⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        365⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        366⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        367⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        368⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        369⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        370⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        371⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        372⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        373⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        374⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        375⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        376⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        377⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        378⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        379⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        380⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        381⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        382⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        383⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        384⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        385⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        386⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        387⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        388⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        389⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        390⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        391⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        392⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        393⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        394⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        395⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        396⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        397⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        398⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        399⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        400⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        401⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        402⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        403⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        404⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        405⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        406⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        407⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        408⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        409⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        410⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        411⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        412⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        413⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        414⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        415⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        416⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        417⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        418⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        419⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        420⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        421⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        422⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        423⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        424⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        425⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        426⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        427⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        428⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        429⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        430⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        431⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        
        C:\Users\Admin\AppData\Local\Temp\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe
        432⤵
        
        PID:4568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\63b092f832979f053a1253a986f8f36b28f12378233b506174d4e9170a124264.exe.log

Filesize
224B

MD5
1e4f2a29e11dead55e61329942cd2b14

SHA1
4b3ec9b98797d2f734d67b47cc149546f21cf0af

SHA256
28bbb0da12bd69adc9df324c01392655b788115aba7466f02c23e1ba09f789d4

SHA512
2e28227d898486bfe1cea081df486464b214df50500786e30d6ee9e7d6391f3aacd2f1ed1d0eab60d518bbc79f20f32c226f00ffd70abfe9af45a746cb08416c

Download Submit
memory/548-214-0x0000000000000000-mapping.dmp

Download
memory/548-215-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/644-132-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/672-163-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/672-162-0x0000000000000000-mapping.dmp

Download
memory/976-180-0x0000000000000000-mapping.dmp

Download
memory/976-181-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1396-219-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1396-218-0x0000000000000000-mapping.dmp

Download
memory/1408-142-0x0000000000000000-mapping.dmp

Download
memory/1408-143-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1488-226-0x0000000000000000-mapping.dmp

Download
memory/1488-227-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1592-169-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1592-168-0x0000000000000000-mapping.dmp

Download
memory/1636-150-0x0000000000000000-mapping.dmp

Download
memory/1636-151-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1700-189-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1700-188-0x0000000000000000-mapping.dmp

Download
memory/1848-223-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1848-222-0x0000000000000000-mapping.dmp

Download
memory/1880-246-0x0000000000000000-mapping.dmp

Download
memory/1880-247-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1892-250-0x0000000000000000-mapping.dmp

Download
memory/1892-251-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/1924-133-0x0000000000000000-mapping.dmp

Download
memory/1924-134-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2104-197-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2104-196-0x0000000000000000-mapping.dmp

Download
memory/2160-208-0x0000000000000000-mapping.dmp

Download
memory/2160-209-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2264-205-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2264-204-0x0000000000000000-mapping.dmp

Download
memory/2316-147-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2316-146-0x0000000000000000-mapping.dmp

Download
memory/2364-161-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2364-160-0x0000000000000000-mapping.dmp

Download
memory/2368-236-0x0000000000000000-mapping.dmp

Download
memory/2368-237-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2412-157-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2412-156-0x0000000000000000-mapping.dmp

Download
memory/2440-164-0x0000000000000000-mapping.dmp

Download
memory/2440-165-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2520-195-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2520-194-0x0000000000000000-mapping.dmp

Download
memory/2584-235-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2584-234-0x0000000000000000-mapping.dmp

Download
memory/2616-199-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2616-198-0x0000000000000000-mapping.dmp

Download
memory/2668-221-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2668-220-0x0000000000000000-mapping.dmp

Download
memory/2752-200-0x0000000000000000-mapping.dmp

Download
memory/2752-201-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2832-210-0x0000000000000000-mapping.dmp

Download
memory/2832-211-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2844-166-0x0000000000000000-mapping.dmp

Download
memory/2844-167-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/2848-258-0x0000000000000000-mapping.dmp

Download
memory/2848-259-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3012-248-0x0000000000000000-mapping.dmp

Download
memory/3012-249-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3164-233-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3164-232-0x0000000000000000-mapping.dmp

Download
memory/3448-186-0x0000000000000000-mapping.dmp

Download
memory/3448-187-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3568-228-0x0000000000000000-mapping.dmp

Download
memory/3568-229-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3604-139-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3604-138-0x0000000000000000-mapping.dmp

Download
memory/3724-230-0x0000000000000000-mapping.dmp

Download
memory/3724-231-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3916-141-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3916-140-0x0000000000000000-mapping.dmp

Download
memory/3948-152-0x0000000000000000-mapping.dmp

Download
memory/3948-153-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3992-255-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/3992-254-0x0000000000000000-mapping.dmp

Download
memory/4036-207-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4036-206-0x0000000000000000-mapping.dmp

Download
memory/4052-260-0x0000000000000000-mapping.dmp

Download
memory/4124-177-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4124-176-0x0000000000000000-mapping.dmp

Download
memory/4128-257-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4128-256-0x0000000000000000-mapping.dmp

Download
memory/4136-193-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4136-192-0x0000000000000000-mapping.dmp

Download
memory/4180-144-0x0000000000000000-mapping.dmp

Download
memory/4180-145-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4248-238-0x0000000000000000-mapping.dmp

Download
memory/4248-239-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4320-175-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4320-174-0x0000000000000000-mapping.dmp

Download
memory/4452-148-0x0000000000000000-mapping.dmp

Download
memory/4452-149-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4508-173-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4508-172-0x0000000000000000-mapping.dmp

Download
memory/4544-178-0x0000000000000000-mapping.dmp

Download
memory/4544-179-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4544-241-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4544-240-0x0000000000000000-mapping.dmp

Download
memory/4608-212-0x0000000000000000-mapping.dmp

Download
memory/4608-213-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4704-184-0x0000000000000000-mapping.dmp

Download
memory/4704-185-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4712-245-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4712-244-0x0000000000000000-mapping.dmp

Download
memory/4752-137-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4752-135-0x0000000000000000-mapping.dmp

Download
memory/4760-225-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4760-224-0x0000000000000000-mapping.dmp

Download
memory/4816-158-0x0000000000000000-mapping.dmp

Download
memory/4816-159-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4940-155-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4940-154-0x0000000000000000-mapping.dmp

Download
memory/4944-183-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/4944-182-0x0000000000000000-mapping.dmp

Download
memory/5012-243-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/5012-242-0x0000000000000000-mapping.dmp

Download
memory/5024-252-0x0000000000000000-mapping.dmp

Download
memory/5024-253-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/5052-203-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/5052-202-0x0000000000000000-mapping.dmp

Download
memory/5084-216-0x0000000000000000-mapping.dmp

Download
memory/5084-217-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/5092-190-0x0000000000000000-mapping.dmp

Download
memory/5092-191-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/5116-171-0x00007FFCA9460000-0x00007FFCA9E96000-memory.dmp

Filesize
10.2MB

Download
memory/5116-170-0x0000000000000000-mapping.dmp

Download