modiloader | fb4aef1c345a246ca40f7629e3a760a69e7a84161995286cda1fd26aa74c3ae9

Analysis

max time kernel
126s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19224d8fe2957721118d14faef5096ce.exe
Size

68KB
MD5

19224d8fe2957721118d14faef5096ce
SHA1

2438ee98bc8a07143c6e64c7a1bcb1386878baa3
SHA256

fb4aef1c345a246ca40f7629e3a760a69e7a84161995286cda1fd26aa74c3ae9
SHA512

867d2e0d94ab71c4d6eb2ec9df1c79ebbca8b6d3db8c0f58cf27bb1ea852c0caed39fe058f0ed194df41354177881ee2d8ae4d9c59b10c3afbcb17a3425833de
SSDEEP

1536:p4jqi5axwdaPpyNlDgS54QuZxDuKTVWCrx4LTT61B8:ujpaxGaPpyNV54DyiVd12

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 9 IoCs

resource	yara_rule
behavioral1/memory/2748-5-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2832-13-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2760-22-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2724-31-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2636-40-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2540-48-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2924-57-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/1916-66-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/1644-75-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2748 set thread context of 2652	2748	19224d8fe2957721118d14faef5096ce.exe	28
PID 2832 set thread context of 2844	2832	19224d8fe2957721118d14faef5096ce.exe	30
PID 2760 set thread context of 2744	2760	19224d8fe2957721118d14faef5096ce.exe	32
PID 2724 set thread context of 2624	2724	19224d8fe2957721118d14faef5096ce.exe	34
PID 2636 set thread context of 2108	2636	19224d8fe2957721118d14faef5096ce.exe	36
PID 2540 set thread context of 2472	2540	19224d8fe2957721118d14faef5096ce.exe	38
PID 2924 set thread context of 3036	2924	19224d8fe2957721118d14faef5096ce.exe	40
PID 1916 set thread context of 296	1916	19224d8fe2957721118d14faef5096ce.exe	42
PID 1644 set thread context of 796	1644	19224d8fe2957721118d14faef5096ce.exe	45
PID 2808 set thread context of 2820	2808	19224d8fe2957721118d14faef5096ce.exe	48
PID 568 set thread context of 1648	568	19224d8fe2957721118d14faef5096ce.exe	50
PID 1660 set thread context of 2348	1660	19224d8fe2957721118d14faef5096ce.exe	52
PID 1316 set thread context of 2952	1316	19224d8fe2957721118d14faef5096ce.exe	54
PID 2356 set thread context of 624	2356	19224d8fe2957721118d14faef5096ce.exe	56
PID 1960 set thread context of 1088	1960	19224d8fe2957721118d14faef5096ce.exe	58
PID 2056 set thread context of 776	2056	19224d8fe2957721118d14faef5096ce.exe	60
PID 1444 set thread context of 1556	1444	19224d8fe2957721118d14faef5096ce.exe	62
PID 748 set thread context of 928	748	19224d8fe2957721118d14faef5096ce.exe	64
PID 1932 set thread context of 900	1932	19224d8fe2957721118d14faef5096ce.exe	66
PID 2528 set thread context of 2520	2528	19224d8fe2957721118d14faef5096ce.exe	68
PID 3012 set thread context of 2200	3012	19224d8fe2957721118d14faef5096ce.exe	70
PID 1980 set thread context of 1360	1980	19224d8fe2957721118d14faef5096ce.exe	72
PID 1700 set thread context of 1248	1700	19224d8fe2957721118d14faef5096ce.exe	74
PID 2824 set thread context of 2856	2824	19224d8fe2957721118d14faef5096ce.exe	76
PID 2692 set thread context of 2276	2692	19224d8fe2957721118d14faef5096ce.exe	78
PID 2340 set thread context of 2848	2340	19224d8fe2957721118d14faef5096ce.exe	80
PID 2632 set thread context of 2476	2632	19224d8fe2957721118d14faef5096ce.exe	82
PID 2144 set thread context of 2020	2144	19224d8fe2957721118d14faef5096ce.exe	84
PID 2012 set thread context of 2912	2012	19224d8fe2957721118d14faef5096ce.exe	86
PID 2956 set thread context of 2432	2956	19224d8fe2957721118d14faef5096ce.exe	88
PID 1916 set thread context of 2916	1916	19224d8fe2957721118d14faef5096ce.exe	90
PID 768 set thread context of 2612	768	19224d8fe2957721118d14faef5096ce.exe	92
PID 284 set thread context of 1344	284	19224d8fe2957721118d14faef5096ce.exe	94
PID 320 set thread context of 992	320	19224d8fe2957721118d14faef5096ce.exe	96
PID 1660 set thread context of 1280	1660	19224d8fe2957721118d14faef5096ce.exe	98
PID 2100 set thread context of 1244	2100	19224d8fe2957721118d14faef5096ce.exe	100
PID 572 set thread context of 1812	572	19224d8fe2957721118d14faef5096ce.exe	102
PID 1928 set thread context of 1960	1928	19224d8fe2957721118d14faef5096ce.exe	104
PID 2456 set thread context of 2044	2456	19224d8fe2957721118d14faef5096ce.exe	106
PID 1804 set thread context of 1956	1804	19224d8fe2957721118d14faef5096ce.exe	108
PID 1936 set thread context of 1924	1936	19224d8fe2957721118d14faef5096ce.exe	110
PID 1932 set thread context of 1532	1932	19224d8fe2957721118d14faef5096ce.exe	112
PID 2484 set thread context of 2532	2484	19224d8fe2957721118d14faef5096ce.exe	114
PID 1196 set thread context of 3024	1196	19224d8fe2957721118d14faef5096ce.exe	116
PID 1696 set thread context of 2668	1696	19224d8fe2957721118d14faef5096ce.exe	120
PID 2840 set thread context of 2832	2840	19224d8fe2957721118d14faef5096ce.exe	122
PID 2720 set thread context of 2768	2720	19224d8fe2957721118d14faef5096ce.exe	124
PID 2696 set thread context of 2496	2696	19224d8fe2957721118d14faef5096ce.exe	126
PID 2616 set thread context of 2560	2616	19224d8fe2957721118d14faef5096ce.exe	128
PID 2004 set thread context of 2476	2004	19224d8fe2957721118d14faef5096ce.exe	130
PID 2904 set thread context of 1992	2904	19224d8fe2957721118d14faef5096ce.exe	132
PID 3048 set thread context of 2600	3048	19224d8fe2957721118d14faef5096ce.exe	134
PID 1752 set thread context of 876	1752	19224d8fe2957721118d14faef5096ce.exe	136
PID 2312 set thread context of 1772	2312	19224d8fe2957721118d14faef5096ce.exe	138
PID 1524 set thread context of 1904	1524	19224d8fe2957721118d14faef5096ce.exe	140
PID 1944 set thread context of 2784	1944	19224d8fe2957721118d14faef5096ce.exe	142
PID 568 set thread context of 288	568	19224d8fe2957721118d14faef5096ce.exe	144
PID 2252 set thread context of 836	2252	19224d8fe2957721118d14faef5096ce.exe	146
PID 2160 set thread context of 2408	2160	19224d8fe2957721118d14faef5096ce.exe	148
PID 2328 set thread context of 2428	2328	19224d8fe2957721118d14faef5096ce.exe	150
PID 1624 set thread context of 1812	1624	19224d8fe2957721118d14faef5096ce.exe	152
PID 784 set thread context of 3008	784	19224d8fe2957721118d14faef5096ce.exe	154
PID 1444 set thread context of 984	1444	19224d8fe2957721118d14faef5096ce.exe	156
PID 2192 set thread context of 2188	2192	19224d8fe2957721118d14faef5096ce.exe	158

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2652	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2844	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2744	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2624	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2108	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2472	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	3036	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	296	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	796	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2820	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1648	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2348	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2952	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	624	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1088	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	776	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1556	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	928	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	900	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2520	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2200	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1360	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1248	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2856	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2276	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2848	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2476	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2020	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2912	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2432	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2916	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2612	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1344	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	992	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1280	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1244	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1812	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1960	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2044	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1956	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1924	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1532	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2532	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	3024	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1600	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2668	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2832	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2768	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2496	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2560	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2476	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1992	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2600	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	876	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1772	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1904	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2784	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	288	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	836	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2408	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	2428	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	1812	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	3008	19224d8fe2957721118d14faef5096ce.exe
Token: SeIncBasePriorityPrivilege	984	19224d8fe2957721118d14faef5096ce.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2652	2748	19224d8fe2957721118d14faef5096ce.exe	28
PID 2748 wrote to memory of 2652	2748	19224d8fe2957721118d14faef5096ce.exe	28
PID 2748 wrote to memory of 2652	2748	19224d8fe2957721118d14faef5096ce.exe	28
PID 2748 wrote to memory of 2652	2748	19224d8fe2957721118d14faef5096ce.exe	28
PID 2748 wrote to memory of 2652	2748	19224d8fe2957721118d14faef5096ce.exe	28
PID 2748 wrote to memory of 2652	2748	19224d8fe2957721118d14faef5096ce.exe	28
PID 2652 wrote to memory of 2832	2652	19224d8fe2957721118d14faef5096ce.exe	29
PID 2652 wrote to memory of 2832	2652	19224d8fe2957721118d14faef5096ce.exe	29
PID 2652 wrote to memory of 2832	2652	19224d8fe2957721118d14faef5096ce.exe	29
PID 2652 wrote to memory of 2832	2652	19224d8fe2957721118d14faef5096ce.exe	29
PID 2832 wrote to memory of 2844	2832	19224d8fe2957721118d14faef5096ce.exe	30
PID 2832 wrote to memory of 2844	2832	19224d8fe2957721118d14faef5096ce.exe	30
PID 2832 wrote to memory of 2844	2832	19224d8fe2957721118d14faef5096ce.exe	30
PID 2832 wrote to memory of 2844	2832	19224d8fe2957721118d14faef5096ce.exe	30
PID 2832 wrote to memory of 2844	2832	19224d8fe2957721118d14faef5096ce.exe	30
PID 2832 wrote to memory of 2844	2832	19224d8fe2957721118d14faef5096ce.exe	30
PID 2844 wrote to memory of 2760	2844	19224d8fe2957721118d14faef5096ce.exe	31
PID 2844 wrote to memory of 2760	2844	19224d8fe2957721118d14faef5096ce.exe	31
PID 2844 wrote to memory of 2760	2844	19224d8fe2957721118d14faef5096ce.exe	31
PID 2844 wrote to memory of 2760	2844	19224d8fe2957721118d14faef5096ce.exe	31
PID 2760 wrote to memory of 2744	2760	19224d8fe2957721118d14faef5096ce.exe	32
PID 2760 wrote to memory of 2744	2760	19224d8fe2957721118d14faef5096ce.exe	32
PID 2760 wrote to memory of 2744	2760	19224d8fe2957721118d14faef5096ce.exe	32
PID 2760 wrote to memory of 2744	2760	19224d8fe2957721118d14faef5096ce.exe	32
PID 2760 wrote to memory of 2744	2760	19224d8fe2957721118d14faef5096ce.exe	32
PID 2760 wrote to memory of 2744	2760	19224d8fe2957721118d14faef5096ce.exe	32
PID 2744 wrote to memory of 2724	2744	19224d8fe2957721118d14faef5096ce.exe	33
PID 2744 wrote to memory of 2724	2744	19224d8fe2957721118d14faef5096ce.exe	33
PID 2744 wrote to memory of 2724	2744	19224d8fe2957721118d14faef5096ce.exe	33
PID 2744 wrote to memory of 2724	2744	19224d8fe2957721118d14faef5096ce.exe	33
PID 2724 wrote to memory of 2624	2724	19224d8fe2957721118d14faef5096ce.exe	34
PID 2724 wrote to memory of 2624	2724	19224d8fe2957721118d14faef5096ce.exe	34
PID 2724 wrote to memory of 2624	2724	19224d8fe2957721118d14faef5096ce.exe	34
PID 2724 wrote to memory of 2624	2724	19224d8fe2957721118d14faef5096ce.exe	34
PID 2724 wrote to memory of 2624	2724	19224d8fe2957721118d14faef5096ce.exe	34
PID 2724 wrote to memory of 2624	2724	19224d8fe2957721118d14faef5096ce.exe	34
PID 2624 wrote to memory of 2636	2624	19224d8fe2957721118d14faef5096ce.exe	35
PID 2624 wrote to memory of 2636	2624	19224d8fe2957721118d14faef5096ce.exe	35
PID 2624 wrote to memory of 2636	2624	19224d8fe2957721118d14faef5096ce.exe	35
PID 2624 wrote to memory of 2636	2624	19224d8fe2957721118d14faef5096ce.exe	35
PID 2636 wrote to memory of 2108	2636	19224d8fe2957721118d14faef5096ce.exe	36
PID 2636 wrote to memory of 2108	2636	19224d8fe2957721118d14faef5096ce.exe	36
PID 2636 wrote to memory of 2108	2636	19224d8fe2957721118d14faef5096ce.exe	36
PID 2636 wrote to memory of 2108	2636	19224d8fe2957721118d14faef5096ce.exe	36
PID 2636 wrote to memory of 2108	2636	19224d8fe2957721118d14faef5096ce.exe	36
PID 2636 wrote to memory of 2108	2636	19224d8fe2957721118d14faef5096ce.exe	36
PID 2108 wrote to memory of 2540	2108	19224d8fe2957721118d14faef5096ce.exe	37
PID 2108 wrote to memory of 2540	2108	19224d8fe2957721118d14faef5096ce.exe	37
PID 2108 wrote to memory of 2540	2108	19224d8fe2957721118d14faef5096ce.exe	37
PID 2108 wrote to memory of 2540	2108	19224d8fe2957721118d14faef5096ce.exe	37
PID 2540 wrote to memory of 2472	2540	19224d8fe2957721118d14faef5096ce.exe	38
PID 2540 wrote to memory of 2472	2540	19224d8fe2957721118d14faef5096ce.exe	38
PID 2540 wrote to memory of 2472	2540	19224d8fe2957721118d14faef5096ce.exe	38
PID 2540 wrote to memory of 2472	2540	19224d8fe2957721118d14faef5096ce.exe	38
PID 2540 wrote to memory of 2472	2540	19224d8fe2957721118d14faef5096ce.exe	38
PID 2540 wrote to memory of 2472	2540	19224d8fe2957721118d14faef5096ce.exe	38
PID 2472 wrote to memory of 2924	2472	19224d8fe2957721118d14faef5096ce.exe	39
PID 2472 wrote to memory of 2924	2472	19224d8fe2957721118d14faef5096ce.exe	39
PID 2472 wrote to memory of 2924	2472	19224d8fe2957721118d14faef5096ce.exe	39
PID 2472 wrote to memory of 2924	2472	19224d8fe2957721118d14faef5096ce.exe	39
PID 2924 wrote to memory of 3036	2924	19224d8fe2957721118d14faef5096ce.exe	40
PID 2924 wrote to memory of 3036	2924	19224d8fe2957721118d14faef5096ce.exe	40
PID 2924 wrote to memory of 3036	2924	19224d8fe2957721118d14faef5096ce.exe	40
PID 2924 wrote to memory of 3036	2924	19224d8fe2957721118d14faef5096ce.exe	40

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        5⤵
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        7⤵
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        8⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        9⤵
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        10⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        12⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        13⤵
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        14⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        15⤵
        Suspicious use of SetThreadContext
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        16⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        17⤵
        Suspicious use of SetThreadContext
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        18⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        19⤵
        Suspicious use of SetThreadContext
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        20⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        21⤵
        Suspicious use of SetThreadContext
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        22⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        23⤵
        Suspicious use of SetThreadContext
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        24⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        25⤵
        Suspicious use of SetThreadContext
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        26⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        27⤵
        Suspicious use of SetThreadContext
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        28⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        29⤵
        Suspicious use of SetThreadContext
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        30⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        31⤵
        Suspicious use of SetThreadContext
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        32⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        33⤵
        Suspicious use of SetThreadContext
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        35⤵
        Suspicious use of SetThreadContext
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        37⤵
        Suspicious use of SetThreadContext
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        39⤵
        Suspicious use of SetThreadContext
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        40⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        41⤵
        Suspicious use of SetThreadContext
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        43⤵
        Suspicious use of SetThreadContext
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        44⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        45⤵
        Suspicious use of SetThreadContext
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        46⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        47⤵
        Suspicious use of SetThreadContext
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        49⤵
        Suspicious use of SetThreadContext
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        50⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        51⤵
        Suspicious use of SetThreadContext
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        52⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        53⤵
        Suspicious use of SetThreadContext
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        55⤵
        Suspicious use of SetThreadContext
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        56⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        57⤵
        Suspicious use of SetThreadContext
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        58⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        59⤵
        Suspicious use of SetThreadContext
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        60⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        61⤵
        Suspicious use of SetThreadContext
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        62⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        63⤵
        Suspicious use of SetThreadContext
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        64⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        65⤵
        Suspicious use of SetThreadContext
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        66⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        67⤵
        Suspicious use of SetThreadContext
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        68⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        69⤵
        Suspicious use of SetThreadContext
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        70⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        71⤵
        Suspicious use of SetThreadContext
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        72⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        73⤵
        Suspicious use of SetThreadContext
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        74⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        75⤵
        Suspicious use of SetThreadContext
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        76⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        77⤵
        Suspicious use of SetThreadContext
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        78⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        79⤵
        Suspicious use of SetThreadContext
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        80⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        81⤵
        Suspicious use of SetThreadContext
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        82⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        83⤵
        Suspicious use of SetThreadContext
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        84⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        85⤵
        Suspicious use of SetThreadContext
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        86⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        87⤵
        Suspicious use of SetThreadContext
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        88⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        89⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        90⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        91⤵
        Suspicious use of SetThreadContext
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        92⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        93⤵
        Suspicious use of SetThreadContext
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        94⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        95⤵
        Suspicious use of SetThreadContext
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        96⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        97⤵
        Suspicious use of SetThreadContext
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        98⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        99⤵
        Suspicious use of SetThreadContext
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        100⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        101⤵
        Suspicious use of SetThreadContext
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        102⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        103⤵
        Suspicious use of SetThreadContext
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        104⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        105⤵
        Suspicious use of SetThreadContext
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        106⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        107⤵
        Suspicious use of SetThreadContext
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        108⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        109⤵
        Suspicious use of SetThreadContext
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        110⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        111⤵
        Suspicious use of SetThreadContext
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        112⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        113⤵
        Suspicious use of SetThreadContext
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        114⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        115⤵
        Suspicious use of SetThreadContext
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        116⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        117⤵
        Suspicious use of SetThreadContext
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        118⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        119⤵
        Suspicious use of SetThreadContext
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        120⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        121⤵
        Suspicious use of SetThreadContext
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        122⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        123⤵
        Suspicious use of SetThreadContext
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        124⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        125⤵
        Suspicious use of SetThreadContext
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        126⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        127⤵
        Suspicious use of SetThreadContext
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        128⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        129⤵
        Suspicious use of SetThreadContext
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        130⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        131⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        132⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        133⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        134⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        135⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        136⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        137⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        138⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        139⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        140⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        141⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        142⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        143⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        144⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        145⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        146⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        147⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        148⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        149⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        143⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        144⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        145⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        146⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        134⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        135⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        135⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        136⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        101⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        102⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        93⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        94⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        95⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        96⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        58⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        59⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        60⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        61⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        56⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        57⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        29⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        30⤵
        
        PID:1364
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2668

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:296
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2888

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2916
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1632
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  2⤵
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
    3⤵
    PID:532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:632
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2792

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1672
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2068
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  2⤵
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
    3⤵
    PID:2240

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2104
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:3000

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1660
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:844
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:1004
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  2⤵
  PID:1588
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
    3⤵
    PID:2308

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:896
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1960
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1780
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  2⤵
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
    3⤵
    PID:944

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2044
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2996

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1888
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1408
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1036

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1876
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2220
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1212

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1704
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2476
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:3060

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1992
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2140

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:308
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2156

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1772
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2916

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1732
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1672

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2380
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1756

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2408
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1712

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2080
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2460

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1812
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1960

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2044
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:556
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:304
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:908

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1548
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1416
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        6⤵
        
        PID:1860

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2164
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1900

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1568
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1572

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2840
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:936
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:1872

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2648
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2852

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2620
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        6⤵
        
        PID:3068

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:3048
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2488

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1752
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2960

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2376
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:456

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1448
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1620
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1676

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:568
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2300

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2240
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:1660

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2428
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:624

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1444
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2116

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:944
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:556

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:1868
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:3024
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2716
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2652

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2688
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2608

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2744
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2576

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
1⤵
PID:2592
- C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
  "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
  2⤵
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
      "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
      4⤵
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        10⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        13⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        14⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        15⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        16⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        17⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        18⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        19⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        20⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        21⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        22⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        23⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        24⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        25⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        26⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        27⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        28⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        29⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        30⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        31⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        32⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        33⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        34⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        35⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        36⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        37⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        38⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        39⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        40⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        41⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        42⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        43⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        44⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        45⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        46⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        47⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        48⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        49⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        50⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        51⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        52⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        53⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        54⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        55⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        56⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        57⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        58⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        59⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        60⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        61⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        62⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        63⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        64⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        65⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        66⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        67⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        68⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        69⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        70⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        71⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        72⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        73⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        74⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        75⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        76⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        77⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        78⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        79⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        80⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        81⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        82⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        83⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        84⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        85⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        86⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        87⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        88⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        89⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        90⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        91⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        92⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        93⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe" -s
        94⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        
        C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce.exe
        95⤵
        
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/296-70-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/296-69-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/624-123-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/624-124-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/776-141-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/776-142-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/796-78-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/796-79-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/900-169-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/900-168-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/928-159-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/928-160-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1088-132-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1088-133-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1248-204-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1248-205-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1344-294-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1360-195-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1360-196-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1556-151-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1556-150-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1644-75-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1648-97-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1648-96-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1916-66-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2020-249-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2020-250-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2108-43-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2200-186-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2200-187-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2276-223-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2276-222-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2348-106-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2348-105-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2432-267-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2432-268-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2472-51-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2472-52-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2476-241-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2476-240-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2520-178-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2520-177-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2540-48-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2612-286-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2612-285-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2624-35-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2624-34-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2636-40-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2652-6-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2652-3-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2652-1-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2652-4-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2652-0-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2652-7-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2652-8-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2724-31-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2744-26-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2744-25-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2748-5-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2760-22-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2820-87-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2820-88-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2832-13-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2844-16-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2844-17-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2848-231-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2848-232-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2856-214-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2856-213-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2912-258-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2912-259-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2916-276-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2916-277-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2924-57-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2952-114-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2952-115-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/3036-61-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/3036-60-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download