8e3f3cc223ecba3b680992f9b157d5ce7e6ad43ae5a75205dd48b93d894892bd

Analysis

max time kernel
60s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb5909c4417392021e82faf58fc47516.exe
Size

187KB
MD5

cb5909c4417392021e82faf58fc47516
SHA1

a10774c22afdb0771e06086cb8816b3510a5bdbb
SHA256

8e3f3cc223ecba3b680992f9b157d5ce7e6ad43ae5a75205dd48b93d894892bd
SHA512

4fe7266045bc8189e6f18987e2cfc6f93e31a84614e95245c44f87a0529441408ce02121829483feaf8d7533373d25219c1f908efa283b20882b821f8621a434
SSDEEP

3072:UYgd9Ow/jaqg5MjKUG7sPYIVvdslOIvo95TuR8LY/tkoT9gTrZl948V1lukVQ:t+1gqysPv0nvo9tuR8bi9gTlvAR

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2692 set thread context of 3016	2692	cb5909c4417392021e82faf58fc47516.exe	29
PID 3016 set thread context of 2560	3016	cb5909c4417392021e82faf58fc47516.exe	31
PID 2560 set thread context of 2440	2560	cb5909c4417392021e82faf58fc47516.exe	33
PID 2440 set thread context of 2400	2440	cb5909c4417392021e82faf58fc47516.exe	109
PID 2400 set thread context of 2876	2400	cb5909c4417392021e82faf58fc47516.exe	37
PID 2876 set thread context of 584	2876	cb5909c4417392021e82faf58fc47516.exe	39
PID 584 set thread context of 1180	584	cb5909c4417392021e82faf58fc47516.exe	41
PID 1180 set thread context of 1500	1180	cb5909c4417392021e82faf58fc47516.exe	43
PID 1500 set thread context of 1724	1500	cb5909c4417392021e82faf58fc47516.exe	45
PID 1724 set thread context of 1820	1724	cb5909c4417392021e82faf58fc47516.exe	47
PID 1820 set thread context of 1268	1820	cb5909c4417392021e82faf58fc47516.exe	49
PID 1268 set thread context of 768	1268	cb5909c4417392021e82faf58fc47516.exe	51
PID 768 set thread context of 2784	768	cb5909c4417392021e82faf58fc47516.exe	92
PID 2784 set thread context of 2776	2784	cb5909c4417392021e82faf58fc47516.exe	55
PID 2776 set thread context of 1916	2776	cb5909c4417392021e82faf58fc47516.exe	57
PID 1916 set thread context of 1788	1916	cb5909c4417392021e82faf58fc47516.exe	96
PID 1788 set thread context of 2032	1788	cb5909c4417392021e82faf58fc47516.exe	98
PID 2032 set thread context of 1408	2032	cb5909c4417392021e82faf58fc47516.exe	63
PID 1408 set thread context of 1608	1408	cb5909c4417392021e82faf58fc47516.exe	65
PID 1608 set thread context of 1692	1608	cb5909c4417392021e82faf58fc47516.exe	67
PID 1692 set thread context of 2548	1692	cb5909c4417392021e82faf58fc47516.exe	69
PID 2548 set thread context of 2568	2548	cb5909c4417392021e82faf58fc47516.exe	142
PID 2568 set thread context of 2468	2568	cb5909c4417392021e82faf58fc47516.exe	73
PID 2468 set thread context of 784	2468	cb5909c4417392021e82faf58fc47516.exe	113
PID 784 set thread context of 2724	784	cb5909c4417392021e82faf58fc47516.exe	77
PID 2724 set thread context of 1412	2724	cb5909c4417392021e82faf58fc47516.exe	79
PID 1412 set thread context of 2264	1412	cb5909c4417392021e82faf58fc47516.exe	81
PID 2264 set thread context of 1956	2264	cb5909c4417392021e82faf58fc47516.exe	83
PID 1956 set thread context of 1748	1956	cb5909c4417392021e82faf58fc47516.exe	85
PID 1748 set thread context of 1100	1748	cb5909c4417392021e82faf58fc47516.exe	87
PID 1100 set thread context of 1512	1100	cb5909c4417392021e82faf58fc47516.exe	89
PID 1512 set thread context of 1300	1512	cb5909c4417392021e82faf58fc47516.exe	91
PID 1300 set thread context of 2044	1300	cb5909c4417392021e82faf58fc47516.exe	93
PID 2044 set thread context of 300	2044	cb5909c4417392021e82faf58fc47516.exe	95
PID 300 set thread context of 2080	300	cb5909c4417392021e82faf58fc47516.exe	163
PID 2080 set thread context of 704	2080	cb5909c4417392021e82faf58fc47516.exe	193
PID 704 set thread context of 1552	704	cb5909c4417392021e82faf58fc47516.exe	101
PID 1552 set thread context of 2604	1552	cb5909c4417392021e82faf58fc47516.exe	103
PID 2604 set thread context of 2536	2604	cb5909c4417392021e82faf58fc47516.exe	141
PID 2536 set thread context of 2456	2536	cb5909c4417392021e82faf58fc47516.exe	107
PID 2456 set thread context of 2400	2456	cb5909c4417392021e82faf58fc47516.exe	109
PID 2400 set thread context of 1504	2400	cb5909c4417392021e82faf58fc47516.exe	195
PID 1504 set thread context of 784	1504	cb5909c4417392021e82faf58fc47516.exe	113
PID 784 set thread context of 2168	784	cb5909c4417392021e82faf58fc47516.exe	150
PID 2168 set thread context of 1112	2168	cb5909c4417392021e82faf58fc47516.exe	203
PID 1112 set thread context of 1688	1112	cb5909c4417392021e82faf58fc47516.exe	119
PID 1688 set thread context of 1088	1688	cb5909c4417392021e82faf58fc47516.exe	121
PID 1088 set thread context of 1792	1088	cb5909c4417392021e82faf58fc47516.exe	270
PID 1792 set thread context of 2640	1792	cb5909c4417392021e82faf58fc47516.exe	160
PID 2640 set thread context of 2832	2640	cb5909c4417392021e82faf58fc47516.exe	127
PID 2832 set thread context of 2180	2832	cb5909c4417392021e82faf58fc47516.exe	129
PID 2180 set thread context of 888	2180	cb5909c4417392021e82faf58fc47516.exe	131
PID 888 set thread context of 2868	888	cb5909c4417392021e82faf58fc47516.exe	133
PID 2868 set thread context of 1604	2868	cb5909c4417392021e82faf58fc47516.exe	135
PID 1604 set thread context of 2428	1604	cb5909c4417392021e82faf58fc47516.exe	138
PID 2428 set thread context of 1204	2428	cb5909c4417392021e82faf58fc47516.exe	172
PID 1204 set thread context of 2568	1204	cb5909c4417392021e82faf58fc47516.exe	142
PID 2568 set thread context of 572	2568	cb5909c4417392021e82faf58fc47516.exe	144
PID 572 set thread context of 2664	572	cb5909c4417392021e82faf58fc47516.exe	177
PID 2664 set thread context of 1084	2664	cb5909c4417392021e82faf58fc47516.exe	149
PID 1084 set thread context of 1400	1084	cb5909c4417392021e82faf58fc47516.exe	151
PID 1400 set thread context of 1580	1400	cb5909c4417392021e82faf58fc47516.exe	153
PID 1580 set thread context of 1728	1580	cb5909c4417392021e82faf58fc47516.exe	155
PID 1728 set thread context of 548	1728	cb5909c4417392021e82faf58fc47516.exe	244

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2692	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	3016	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2560	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2440	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2400	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2876	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	584	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1180	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1500	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1724	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1820	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1268	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	768	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2784	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2776	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1916	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1788	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2032	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1408	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1608	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1692	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2548	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2568	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2468	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	784	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2724	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1412	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2264	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1956	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1748	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1100	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1512	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1300	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2044	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	300	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2080	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	704	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1552	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2604	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2536	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2456	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2400	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1504	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	784	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2168	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1112	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1688	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1088	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1792	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2640	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2832	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2180	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	888	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2868	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1604	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2428	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1204	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2568	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	572	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	2664	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1084	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1400	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1580	cb5909c4417392021e82faf58fc47516.exe
Token: SeDebugPrivilege	1728	cb5909c4417392021e82faf58fc47516.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2496	2692	cb5909c4417392021e82faf58fc47516.exe	28
PID 2692 wrote to memory of 2496	2692	cb5909c4417392021e82faf58fc47516.exe	28
PID 2692 wrote to memory of 2496	2692	cb5909c4417392021e82faf58fc47516.exe	28
PID 2692 wrote to memory of 3016	2692	cb5909c4417392021e82faf58fc47516.exe	29
PID 2692 wrote to memory of 3016	2692	cb5909c4417392021e82faf58fc47516.exe	29
PID 2692 wrote to memory of 3016	2692	cb5909c4417392021e82faf58fc47516.exe	29
PID 2692 wrote to memory of 3016	2692	cb5909c4417392021e82faf58fc47516.exe	29
PID 2692 wrote to memory of 3016	2692	cb5909c4417392021e82faf58fc47516.exe	29
PID 3016 wrote to memory of 2684	3016	cb5909c4417392021e82faf58fc47516.exe	30
PID 3016 wrote to memory of 2684	3016	cb5909c4417392021e82faf58fc47516.exe	30
PID 3016 wrote to memory of 2684	3016	cb5909c4417392021e82faf58fc47516.exe	30
PID 3016 wrote to memory of 2560	3016	cb5909c4417392021e82faf58fc47516.exe	31
PID 3016 wrote to memory of 2560	3016	cb5909c4417392021e82faf58fc47516.exe	31
PID 3016 wrote to memory of 2560	3016	cb5909c4417392021e82faf58fc47516.exe	31
PID 3016 wrote to memory of 2560	3016	cb5909c4417392021e82faf58fc47516.exe	31
PID 3016 wrote to memory of 2560	3016	cb5909c4417392021e82faf58fc47516.exe	31
PID 2560 wrote to memory of 2688	2560	cb5909c4417392021e82faf58fc47516.exe	32
PID 2560 wrote to memory of 2688	2560	cb5909c4417392021e82faf58fc47516.exe	32
PID 2560 wrote to memory of 2688	2560	cb5909c4417392021e82faf58fc47516.exe	32
PID 2560 wrote to memory of 2440	2560	cb5909c4417392021e82faf58fc47516.exe	33
PID 2560 wrote to memory of 2440	2560	cb5909c4417392021e82faf58fc47516.exe	33
PID 2560 wrote to memory of 2440	2560	cb5909c4417392021e82faf58fc47516.exe	33
PID 2560 wrote to memory of 2440	2560	cb5909c4417392021e82faf58fc47516.exe	33
PID 2560 wrote to memory of 2440	2560	cb5909c4417392021e82faf58fc47516.exe	33
PID 2440 wrote to memory of 2404	2440	cb5909c4417392021e82faf58fc47516.exe	34
PID 2440 wrote to memory of 2404	2440	cb5909c4417392021e82faf58fc47516.exe	34
PID 2440 wrote to memory of 2404	2440	cb5909c4417392021e82faf58fc47516.exe	34
PID 2440 wrote to memory of 2400	2440	cb5909c4417392021e82faf58fc47516.exe	109
PID 2440 wrote to memory of 2400	2440	cb5909c4417392021e82faf58fc47516.exe	109
PID 2440 wrote to memory of 2400	2440	cb5909c4417392021e82faf58fc47516.exe	109
PID 2440 wrote to memory of 2400	2440	cb5909c4417392021e82faf58fc47516.exe	109
PID 2440 wrote to memory of 2400	2440	cb5909c4417392021e82faf58fc47516.exe	109
PID 2400 wrote to memory of 2976	2400	cb5909c4417392021e82faf58fc47516.exe	36
PID 2400 wrote to memory of 2976	2400	cb5909c4417392021e82faf58fc47516.exe	36
PID 2400 wrote to memory of 2976	2400	cb5909c4417392021e82faf58fc47516.exe	36
PID 2400 wrote to memory of 2876	2400	cb5909c4417392021e82faf58fc47516.exe	37
PID 2400 wrote to memory of 2876	2400	cb5909c4417392021e82faf58fc47516.exe	37
PID 2400 wrote to memory of 2876	2400	cb5909c4417392021e82faf58fc47516.exe	37
PID 2400 wrote to memory of 2876	2400	cb5909c4417392021e82faf58fc47516.exe	37
PID 2400 wrote to memory of 2876	2400	cb5909c4417392021e82faf58fc47516.exe	37
PID 2876 wrote to memory of 588	2876	cb5909c4417392021e82faf58fc47516.exe	38
PID 2876 wrote to memory of 588	2876	cb5909c4417392021e82faf58fc47516.exe	38
PID 2876 wrote to memory of 588	2876	cb5909c4417392021e82faf58fc47516.exe	38
PID 2876 wrote to memory of 584	2876	cb5909c4417392021e82faf58fc47516.exe	39
PID 2876 wrote to memory of 584	2876	cb5909c4417392021e82faf58fc47516.exe	39
PID 2876 wrote to memory of 584	2876	cb5909c4417392021e82faf58fc47516.exe	39
PID 2876 wrote to memory of 584	2876	cb5909c4417392021e82faf58fc47516.exe	39
PID 2876 wrote to memory of 584	2876	cb5909c4417392021e82faf58fc47516.exe	39
PID 584 wrote to memory of 1128	584	cb5909c4417392021e82faf58fc47516.exe	40
PID 584 wrote to memory of 1128	584	cb5909c4417392021e82faf58fc47516.exe	40
PID 584 wrote to memory of 1128	584	cb5909c4417392021e82faf58fc47516.exe	40
PID 584 wrote to memory of 1180	584	cb5909c4417392021e82faf58fc47516.exe	41
PID 584 wrote to memory of 1180	584	cb5909c4417392021e82faf58fc47516.exe	41
PID 584 wrote to memory of 1180	584	cb5909c4417392021e82faf58fc47516.exe	41
PID 584 wrote to memory of 1180	584	cb5909c4417392021e82faf58fc47516.exe	41
PID 584 wrote to memory of 1180	584	cb5909c4417392021e82faf58fc47516.exe	41
PID 1180 wrote to memory of 2956	1180	cb5909c4417392021e82faf58fc47516.exe	42
PID 1180 wrote to memory of 2956	1180	cb5909c4417392021e82faf58fc47516.exe	42
PID 1180 wrote to memory of 2956	1180	cb5909c4417392021e82faf58fc47516.exe	42
PID 1180 wrote to memory of 1500	1180	cb5909c4417392021e82faf58fc47516.exe	43
PID 1180 wrote to memory of 1500	1180	cb5909c4417392021e82faf58fc47516.exe	43
PID 1180 wrote to memory of 1500	1180	cb5909c4417392021e82faf58fc47516.exe	43
PID 1180 wrote to memory of 1500	1180	cb5909c4417392021e82faf58fc47516.exe	43
PID 1180 wrote to memory of 1500	1180	cb5909c4417392021e82faf58fc47516.exe	43

C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
"C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
  C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
  2⤵
  PID:2496
- C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
  C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
    C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
    C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
      C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
      4⤵
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
      C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        5⤵
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        5⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        6⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        7⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        7⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        8⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        9⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        10⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        11⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        12⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        12⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        13⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        13⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        14⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        14⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        15⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        15⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        16⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        16⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        17⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        17⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        18⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        18⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        19⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        19⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        20⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        20⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        21⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        21⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        22⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        22⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        23⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        23⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        24⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        24⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        25⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        25⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        26⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        26⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        27⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        27⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        28⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        28⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        29⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        29⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        30⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        30⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        31⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        31⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        32⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        32⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        33⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        33⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        34⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        34⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        35⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        35⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        36⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        36⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        37⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        37⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        38⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        38⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        39⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        39⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        40⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        40⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        41⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        41⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        42⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        42⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        43⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        43⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        44⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        44⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        45⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        45⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        46⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        46⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        47⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        47⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        48⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        48⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        49⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        49⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        50⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        50⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        51⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        51⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        52⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        52⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        53⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        53⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        54⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        54⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        55⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        55⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        56⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        56⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        57⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        57⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        58⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        58⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        59⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        59⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        60⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        60⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        61⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        61⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        62⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        62⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        63⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        63⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        64⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        64⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        65⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        65⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        66⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        66⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        67⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        67⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        68⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        68⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        69⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        69⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        70⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        70⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        71⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        71⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        72⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        72⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        73⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        73⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        74⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        74⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        75⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        75⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        76⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        76⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        77⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        77⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        78⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        78⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        79⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        79⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        80⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        80⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        81⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        81⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        82⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        82⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        83⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        83⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        84⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        84⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        85⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        85⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        86⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        86⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        87⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        87⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        88⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        88⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        89⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        89⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        90⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        90⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        91⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        91⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        92⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        92⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        93⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        93⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        94⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        94⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        95⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        95⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        96⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        96⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        97⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        97⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        98⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        98⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        99⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        99⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        100⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        100⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        101⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        101⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        102⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        102⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        103⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        103⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        104⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        104⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        105⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        105⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        106⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        106⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        107⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        107⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        108⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        108⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        109⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        109⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        110⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        110⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        111⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        111⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        112⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        112⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        113⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        113⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        114⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        114⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        115⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        115⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        116⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        116⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        117⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        117⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        118⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        118⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        119⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        119⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        120⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        120⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        121⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        121⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        122⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        122⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        123⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        123⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        124⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        124⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        125⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        125⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        126⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        126⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        127⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        127⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        128⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        128⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        129⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        129⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        130⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        130⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        131⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        131⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        132⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        132⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        133⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        133⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        134⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        134⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        135⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        135⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        136⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        136⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        137⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        137⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        138⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        138⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        139⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        139⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        140⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        140⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        141⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        141⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        142⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        142⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        143⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        143⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        144⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        144⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        145⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        145⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        146⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        146⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        147⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        147⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        148⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        148⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        149⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        149⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        150⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        150⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        151⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        151⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        152⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        152⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        153⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        153⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        154⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        154⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        155⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        155⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        156⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        156⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        157⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        157⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        158⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        158⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        159⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        159⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        160⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        160⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        161⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        161⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        162⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        162⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        163⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        163⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        164⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        164⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        165⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        165⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        166⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        166⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        167⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        167⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        168⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        168⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        169⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        169⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        170⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        170⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        171⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        171⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        172⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        172⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        173⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        173⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        174⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        174⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        175⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        175⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        176⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        176⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        177⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        177⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        178⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        178⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        179⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        179⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        180⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        180⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        181⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        181⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        182⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        182⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        183⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        183⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        184⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        184⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        185⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        185⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        186⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        186⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        187⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        187⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        188⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        188⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        189⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        189⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        190⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        190⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        191⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        191⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        192⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        192⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        193⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        193⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        194⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        194⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        195⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        195⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        196⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        196⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        197⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        197⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        198⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        198⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        199⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        199⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        200⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        200⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        201⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        201⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        202⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        202⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        203⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        203⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        204⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        204⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        205⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        205⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        206⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        206⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        207⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        207⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        208⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        208⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        209⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        209⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        210⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        210⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        211⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        211⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        212⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        212⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        213⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        213⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        214⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        214⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        215⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        215⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        216⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        216⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        217⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        217⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        218⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        218⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        219⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        219⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        220⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\cb5909c4417392021e82faf58fc47516.exe
        220⤵
        
        PID:3252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/584-52-0x0000000001F20000-0x0000000001FA0000-memory.dmp

Filesize
512KB

Download
memory/584-59-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/584-56-0x0000000001F20000-0x0000000001FA0000-memory.dmp

Filesize
512KB

Download
memory/584-53-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/584-51-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/768-104-0x00000000020F0000-0x0000000002170000-memory.dmp

Filesize
512KB

Download
memory/768-107-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/768-110-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-68-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-60-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1180-61-0x0000000000340000-0x00000000003C0000-memory.dmp

Filesize
512KB

Download
memory/1180-66-0x0000000000340000-0x00000000003C0000-memory.dmp

Filesize
512KB

Download
memory/1180-64-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1268-103-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1268-91-0x00000000020D0000-0x0000000002150000-memory.dmp

Filesize
512KB

Download
memory/1268-95-0x00000000020D0000-0x0000000002150000-memory.dmp

Filesize
512KB

Download
memory/1268-93-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1268-105-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1500-69-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1500-70-0x0000000001F20000-0x0000000001FA0000-memory.dmp

Filesize
512KB

Download
memory/1500-75-0x0000000001F20000-0x0000000001FA0000-memory.dmp

Filesize
512KB

Download
memory/1500-76-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1724-85-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1724-79-0x0000000001E00000-0x0000000001E80000-memory.dmp

Filesize
512KB

Download
memory/1724-78-0x0000000001E00000-0x0000000001E80000-memory.dmp

Filesize
512KB

Download
memory/1724-77-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1820-97-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/1820-90-0x0000000001FF0000-0x0000000002070000-memory.dmp

Filesize
512KB

Download
memory/1820-84-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2400-40-0x0000000001F10000-0x0000000001F90000-memory.dmp

Filesize
512KB

Download
memory/2400-44-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2400-35-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2440-30-0x00000000020E0000-0x0000000002160000-memory.dmp

Filesize
512KB

Download
memory/2440-29-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2440-26-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2440-27-0x00000000020E0000-0x0000000002160000-memory.dmp

Filesize
512KB

Download
memory/2440-36-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2560-28-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2560-23-0x0000000000580000-0x0000000000600000-memory.dmp

Filesize
512KB

Download
memory/2560-21-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2560-18-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2560-19-0x0000000000580000-0x0000000000600000-memory.dmp

Filesize
512KB

Download
memory/2692-7-0x0000000001FD0000-0x0000000002050000-memory.dmp

Filesize
512KB

Download
memory/2692-5-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2692-0-0x0000000000320000-0x0000000000328000-memory.dmp

Filesize
32KB

Download
memory/2692-9-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2692-1-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2692-2-0x0000000001FD0000-0x0000000002050000-memory.dmp

Filesize
512KB

Download
memory/2776-115-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2776-116-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2776-118-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2784-112-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2784-117-0x00000000020A0000-0x0000000002120000-memory.dmp

Filesize
512KB

Download
memory/2784-114-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2784-106-0x00000000020A0000-0x0000000002120000-memory.dmp

Filesize
512KB

Download
memory/2876-42-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/2876-43-0x0000000002060000-0x00000000020E0000-memory.dmp

Filesize
512KB

Download
memory/2876-46-0x0000000002060000-0x00000000020E0000-memory.dmp

Filesize
512KB

Download
memory/2876-50-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/3016-6-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3016-10-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/3016-3-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3016-8-0x0000000002150000-0x00000000021D0000-memory.dmp

Filesize
512KB

Download
memory/3016-17-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/3016-16-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

Filesize
9.6MB

Download
memory/3016-11-0x0000000002150000-0x00000000021D0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads