glupteba | 90aa6a7c770f2c0f49596731c80fda7d044802dea9e905ff999b39cda5428407

Resubmissions

09-09-2021 17:41

210909-v9lgtabfhq 10

09-09-2021 04:26

08-09-2021 21:37

08-09-2021 21:29

08-09-2021 13:52

07-09-2021 18:07

Analysis

max time kernel
33s
max time network
868s
platform
windows10_x64
resource
win10v20210408
submitted
08-09-2021 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_x86_x64_install.exe
Size

2.9MB
MD5

3f1f81101d0ce95fdfac97f5913cd662
SHA1

8e615a64e4d72b08926242b7d73a608bdd7e9fce
SHA256

90aa6a7c770f2c0f49596731c80fda7d044802dea9e905ff999b39cda5428407
SHA512

a776c1f8636ef90d294becf8d09a45366463364026837c19e13227c1c5c9a6656b6fa525e0eec5a1a46997b6ef7066e958c02523a7c4538d046f8b2091145285

Malware Config

Extracted

Family

vidar

Version

40.5

Botnet

706

https://gheorghip.tumblr.com/

Attributes

profile_id
706

Extracted

Family

redline

Botnet

Jayson

95.181.172.207:56915

Extracted

Family

vidar

Version

40.5

Botnet

916

https://gheorghip.tumblr.com/

Attributes

profile_id
916

Extracted

Family

smokeloader

Version

2020

http://varmisende.com/upload/

http://fernandomayol.com/upload/

http://nextlytm.com/upload/

http://people4jan.com/upload/

http://asfaltwerk.com/upload/

rc4.i32

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba Payload 2 IoCs

resource	yara_rule
behavioral6/memory/5492-495-0x0000000002E10000-0x000000000372E000-memory.dmp	family_glupteba
behavioral6/memory/5492-498-0x0000000000400000-0x0000000002574000-memory.dmp	family_glupteba

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Process spawned unexpected child process 3 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	5288	3480	rundll32.exe	6
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	6848	3480	rundll32.exe	6
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	11296	3480	rundll32.exe	6

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine Payload 11 IoCs

resource	yara_rule
behavioral6/memory/4596-293-0x0000000000400000-0x0000000000422000-memory.dmp	family_redline
behavioral6/memory/4596-294-0x000000000041C5E2-mapping.dmp	family_redline
behavioral6/memory/4596-326-0x0000000004F70000-0x0000000005576000-memory.dmp	family_redline
behavioral6/memory/4396-346-0x000000000041C5E2-mapping.dmp	family_redline
behavioral6/memory/2264-394-0x000000000041C5E2-mapping.dmp	family_redline
behavioral6/memory/2264-416-0x00000000055A0000-0x0000000005BA6000-memory.dmp	family_redline
behavioral6/memory/5304-448-0x000000000041C5E2-mapping.dmp	family_redline
behavioral6/memory/5968-512-0x000000000041C5E2-mapping.dmp	family_redline
behavioral6/memory/5752-569-0x000000000041C5E2-mapping.dmp	family_redline
behavioral6/memory/3452-585-0x000000000041C5E2-mapping.dmp	family_redline
behavioral6/memory/4212-642-0x000000000041C5E2-mapping.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars

Socelars Payload 2 IoCs

resource	yara_rule
behavioral6/files/0x000100000001ab61-150.dat	family_socelars
behavioral6/files/0x000100000001ab61-178.dat	family_socelars

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

rl_trojan 3 IoCs

redline stealer.

stealer

resource	yara_rule
behavioral6/files/0x000100000001ab65-146.dat	redline
behavioral6/files/0x000100000001ab65-156.dat	redline
behavioral6/files/0x000100000001ab65-252.dat	redline

suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
suricata
suricata: ET MALWARE JS/Nemucod.M.gen downloading EXE payload
suricata: ET MALWARE JS/Nemucod.M.gen downloading EXE payload
suricata
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Vidar Stealer 4 IoCs

stealer

resource	yara_rule
behavioral6/memory/3432-201-0x0000000004850000-0x0000000004921000-memory.dmp	family_vidar
behavioral6/memory/3432-205-0x0000000000400000-0x0000000002BB2000-memory.dmp	family_vidar
behavioral6/memory/4428-305-0x0000000000400000-0x0000000002BB2000-memory.dmp	family_vidar
behavioral6/memory/4428-300-0x0000000004790000-0x0000000004861000-memory.dmp	family_vidar

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral6/files/0x000100000001ab58-122.dat	aspack_v212_v242
behavioral6/files/0x000100000001ab58-124.dat	aspack_v212_v242
behavioral6/files/0x000100000001ab59-121.dat	aspack_v212_v242
behavioral6/files/0x000100000001ab59-126.dat	aspack_v212_v242
behavioral6/files/0x000100000001ab5b-128.dat	aspack_v212_v242
behavioral6/files/0x000100000001ab5b-130.dat	aspack_v212_v242

Downloads MZ/PE file

Executes dropped EXE 40 IoCs

pid	Process
3828	setup_installer.exe
2860	setup_install.exe
1036	Tue11bc0507b56295.exe
3336	Tue11e4e580f2e8141a3.exe
3432	Tue112c483dd3245d.exe
4092	Tue11b9d76a96506.exe
3976	Tue11f251db82fb7b.exe
3724	Tue11141271fbe5877f.exe
1408	Tue118f55232e4.exe
2964	Tue1109eec571ac.exe
548	Tue11d7385a978cc.exe
1040	Tue11b9d76a96506.tmp
4136	LzmwAqmV.exe
4192	3845775.exe
4252	Chrome 5.exe
4296	5767811.exe
4380	PublicDwlBrowser1100.exe
4428	Alfanewfile2.exe
4532	2.exe
2820	Tue11e4e580f2e8141a3.exe
4552	46807GHF____.exe
4664	setup.exe
4728	WinHoster.exe
4692	3972588.exe
4876	setup_2.exe
4952	3002.exe
5020	setup_2.tmp
5064	jhuuee.exe
3676	7544302.exe
4596	Tue11e4e580f2e8141a3.exe
4144	BearVpn 3.exe
4320	3700928.exe
4264	rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
4160	8032223.exe
2204	1515706.exe
4396	Tue11e4e580f2e8141a3.exe
4316	setup_2.exe
5168	setup_2.tmp
5224	3002.exe
2264	Tue11e4e580f2e8141a3.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	3972588.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	7544302.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	7544302.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	3972588.exe

Loads dropped DLL 9 IoCs

pid	Process
2860	setup_install.exe
2860	setup_install.exe
2860	setup_install.exe
2860	setup_install.exe
2860	setup_install.exe
2860	setup_install.exe
1040	Tue11b9d76a96506.tmp
5020	setup_2.tmp
5168	setup_2.tmp

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral6/files/0x00020000000155fe-268.dat	themida
behavioral6/files/0x00020000000155fe-278.dat	themida
behavioral6/memory/4692-315-0x0000000000260000-0x0000000000261000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinHost = "C:\\Users\\Admin\\AppData\\Roaming\\WinHost\\WinHoster.exe"	5767811.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	7544302.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	3972588.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 9 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
560	ipinfo.io
136	ip-api.com
207	ipinfo.io
208	ipinfo.io
214	ipinfo.io
555	ipinfo.io
2577	ipinfo.io
2581	ipinfo.io
59	ip-api.com

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4692	3972588.exe
3676	7544302.exe

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3336 set thread context of 4596	3336	Tue11e4e580f2e8141a3.exe	108
PID 3336 set thread context of 4396	3336	Tue11e4e580f2e8141a3.exe	126
PID 3336 set thread context of 2264	3336	Tue11e4e580f2e8141a3.exe	133

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 40 IoCs

pid	pid_target	Process	procid_target
4820	2964	WerFault.exe	95
4788	4664	WerFault.exe	109
4184	4664	WerFault.exe	109
3724	2964	WerFault.exe	95
3156	4664	WerFault.exe	109
5028	2964	WerFault.exe	95
4712	2964	WerFault.exe	95
5084	4664	WerFault.exe	109
5144	4664	WerFault.exe	109
6044	2964	WerFault.exe	95
5024	4664	WerFault.exe	109
4936	4664	WerFault.exe	109
4852	4664	WerFault.exe	109
5196	5492	WerFault.exe	148
5896	4664	WerFault.exe	109
732	5492	WerFault.exe	148
2176	5492	WerFault.exe	148
1792	2964	WerFault.exe	95
5244	2964	WerFault.exe	95
5148	5492	WerFault.exe	148
5992	2964	WerFault.exe	95
5060	5492	WerFault.exe	148
1256	5492	WerFault.exe	148
864	5492	WerFault.exe	148
5644	5492	WerFault.exe	148
6816	4192	WerFault.exe	102
4432	4320	WerFault.exe	119
6504	5492	WerFault.exe	148
5132	5492	WerFault.exe	148
6660	5392	WerFault.exe	205
7292	5392	WerFault.exe	205
7512	5392	WerFault.exe	205
7668	5392	WerFault.exe	205
7940	5392	WerFault.exe	205
7344	7824	WerFault.exe	239
8716	7824	WerFault.exe	239
9112	7824	WerFault.exe	239
5764	7824	WerFault.exe	239
5692	8116	WerFault.exe	265
5204	8116	WerFault.exe	265

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Process not Found
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Process not Found
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Process not Found

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
6784	schtasks.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
7136	timeout.exe
7072	timeout.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
5644	taskkill.exe
5184	taskkill.exe
6616	taskkill.exe
13868	taskkill.exe
14248	taskkill.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Tue112c483dd3245d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Tue112c483dd3245d.exe

Runs ping.exe 1 TTPs 4 IoCs

Remote System Discovery

T1018

pid	Process
19904	PING.EXE
31588	Process not Found
5432	Process not Found
40216	Process not Found

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	17	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1036	Process not Found
1036	Process not Found
2156	powershell.exe
2156	powershell.exe
2156	powershell.exe
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
2156	powershell.exe
2156	powershell.exe
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
3032	Process not Found
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe
4820	WerFault.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1036	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	1408	Tue118f55232e4.exe
Token: SeAssignPrimaryTokenPrivilege	1408	Tue118f55232e4.exe
Token: SeLockMemoryPrivilege	1408	Tue118f55232e4.exe
Token: SeIncreaseQuotaPrivilege	1408	Tue118f55232e4.exe
Token: SeDebugPrivilege	3976	Tue11f251db82fb7b.exe
Token: SeMachineAccountPrivilege	1408	Tue118f55232e4.exe
Token: SeTcbPrivilege	1408	Tue118f55232e4.exe
Token: SeSecurityPrivilege	1408	Tue118f55232e4.exe
Token: SeTakeOwnershipPrivilege	1408	Tue118f55232e4.exe
Token: SeLoadDriverPrivilege	1408	Tue118f55232e4.exe
Token: SeSystemProfilePrivilege	1408	Tue118f55232e4.exe
Token: SeSystemtimePrivilege	1408	Tue118f55232e4.exe
Token: SeProfSingleProcessPrivilege	1408	Tue118f55232e4.exe
Token: SeIncBasePriorityPrivilege	1408	Tue118f55232e4.exe
Token: SeCreatePagefilePrivilege	1408	Tue118f55232e4.exe
Token: SeCreatePermanentPrivilege	1408	Tue118f55232e4.exe
Token: SeBackupPrivilege	1408	Tue118f55232e4.exe
Token: SeRestorePrivilege	1408	Tue118f55232e4.exe
Token: SeShutdownPrivilege	1408	Tue118f55232e4.exe
Token: SeDebugPrivilege	1408	Tue118f55232e4.exe
Token: SeAuditPrivilege	1408	Tue118f55232e4.exe
Token: SeSystemEnvironmentPrivilege	1408	Tue118f55232e4.exe
Token: SeChangeNotifyPrivilege	1408	Tue118f55232e4.exe
Token: SeRemoteShutdownPrivilege	1408	Tue118f55232e4.exe
Token: SeUndockPrivilege	1408	Tue118f55232e4.exe
Token: SeSyncAgentPrivilege	1408	Tue118f55232e4.exe
Token: SeEnableDelegationPrivilege	1408	Tue118f55232e4.exe
Token: SeManageVolumePrivilege	1408	Tue118f55232e4.exe
Token: SeImpersonatePrivilege	1408	Tue118f55232e4.exe
Token: SeCreateGlobalPrivilege	1408	Tue118f55232e4.exe
Token: 31	1408	Tue118f55232e4.exe
Token: 32	1408	Tue118f55232e4.exe
Token: 33	1408	Tue118f55232e4.exe
Token: 34	1408	Tue118f55232e4.exe
Token: 35	1408	Tue118f55232e4.exe
Token: SeDebugPrivilege	3724	WerFault.exe
Token: SeDebugPrivilege	2156	powershell.exe
Token: SeDebugPrivilege	4192	3845775.exe
Token: SeDebugPrivilege	4380	PublicDwlBrowser1100.exe
Token: SeDebugPrivilege	4532	2.exe
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeDebugPrivilege	4144	BearVpn 3.exe
Token: SeDebugPrivilege	4320	3700928.exe
Token: SeRestorePrivilege	4820	WerFault.exe
Token: SeBackupPrivilege	4820	WerFault.exe
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeShutdownPrivilege	3032	Process not Found
Token: SeCreatePagefilePrivilege	3032	Process not Found
Token: SeDebugPrivilege	4820	WerFault.exe
Token: SeDebugPrivilege	4788	WerFault.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 3828	396	setup_x86_x64_install.exe	75
PID 396 wrote to memory of 3828	396	setup_x86_x64_install.exe	75
PID 396 wrote to memory of 3828	396	setup_x86_x64_install.exe	75
PID 3828 wrote to memory of 2860	3828	setup_installer.exe	76
PID 3828 wrote to memory of 2860	3828	setup_installer.exe	76
PID 3828 wrote to memory of 2860	3828	setup_installer.exe	76
PID 2860 wrote to memory of 1576	2860	setup_install.exe	79
PID 2860 wrote to memory of 1576	2860	setup_install.exe	79
PID 2860 wrote to memory of 1576	2860	setup_install.exe	79
PID 2860 wrote to memory of 728	2860	setup_install.exe	80
PID 2860 wrote to memory of 728	2860	setup_install.exe	80
PID 2860 wrote to memory of 728	2860	setup_install.exe	80
PID 2860 wrote to memory of 3772	2860	setup_install.exe	81
PID 2860 wrote to memory of 3772	2860	setup_install.exe	81
PID 2860 wrote to memory of 3772	2860	setup_install.exe	81
PID 2860 wrote to memory of 1332	2860	setup_install.exe	82
PID 2860 wrote to memory of 1332	2860	setup_install.exe	82
PID 2860 wrote to memory of 1332	2860	setup_install.exe	82
PID 2860 wrote to memory of 2308	2860	setup_install.exe	83
PID 2860 wrote to memory of 2308	2860	setup_install.exe	83
PID 2860 wrote to memory of 2308	2860	setup_install.exe	83
PID 2860 wrote to memory of 984	2860	setup_install.exe	84
PID 2860 wrote to memory of 984	2860	setup_install.exe	84
PID 2860 wrote to memory of 984	2860	setup_install.exe	84
PID 2860 wrote to memory of 1180	2860	setup_install.exe	90
PID 2860 wrote to memory of 1180	2860	setup_install.exe	90
PID 2860 wrote to memory of 1180	2860	setup_install.exe	90
PID 2860 wrote to memory of 2204	2860	setup_install.exe	85
PID 2860 wrote to memory of 2204	2860	setup_install.exe	85
PID 2860 wrote to memory of 2204	2860	setup_install.exe	85
PID 2860 wrote to memory of 516	2860	setup_install.exe	88
PID 2860 wrote to memory of 516	2860	setup_install.exe	88
PID 2860 wrote to memory of 516	2860	setup_install.exe	88
PID 2860 wrote to memory of 500	2860	setup_install.exe	86
PID 2860 wrote to memory of 500	2860	setup_install.exe	86
PID 2860 wrote to memory of 500	2860	setup_install.exe	86
PID 984 wrote to memory of 1036	984	cmd.exe	87
PID 984 wrote to memory of 1036	984	cmd.exe	87
PID 984 wrote to memory of 1036	984	cmd.exe	87
PID 1180 wrote to memory of 3336	1180	cmd.exe	89
PID 1180 wrote to memory of 3336	1180	cmd.exe	89
PID 1180 wrote to memory of 3336	1180	cmd.exe	89
PID 1576 wrote to memory of 2156	1576	cmd.exe	99
PID 1576 wrote to memory of 2156	1576	cmd.exe	99
PID 1576 wrote to memory of 2156	1576	cmd.exe	99
PID 500 wrote to memory of 3432	500	cmd.exe	98
PID 500 wrote to memory of 3432	500	cmd.exe	98
PID 500 wrote to memory of 3432	500	cmd.exe	98
PID 3772 wrote to memory of 4092	3772	cmd.exe	91
PID 3772 wrote to memory of 4092	3772	cmd.exe	91
PID 3772 wrote to memory of 4092	3772	cmd.exe	91
PID 1332 wrote to memory of 3976	1332	cmd.exe	92
PID 1332 wrote to memory of 3976	1332	cmd.exe	92
PID 2204 wrote to memory of 3724	2204	cmd.exe	97
PID 2204 wrote to memory of 3724	2204	cmd.exe	97
PID 516 wrote to memory of 1408	516	cmd.exe	96
PID 516 wrote to memory of 1408	516	cmd.exe	96
PID 516 wrote to memory of 1408	516	cmd.exe	96
PID 2308 wrote to memory of 2964	2308	cmd.exe	95
PID 2308 wrote to memory of 2964	2308	cmd.exe	95
PID 2308 wrote to memory of 2964	2308	cmd.exe	95
PID 728 wrote to memory of 548	728	cmd.exe	94
PID 728 wrote to memory of 548	728	cmd.exe	94
PID 728 wrote to memory of 548	728	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe
"C:\Users\Admin\AppData\Local\Temp\setup_x86_x64_install.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:396
- C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3828
- - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\setup_install.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\setup_install.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1576
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2156
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue11d7385a978cc.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:728
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11d7385a978cc.exe
        
        Tue11d7385a978cc.exe
        5⤵
        Executes dropped EXE
        
        PID:548
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue11b9d76a96506.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11b9d76a96506.exe
        
        Tue11b9d76a96506.exe
        5⤵
        Executes dropped EXE
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\is-BCUFM.tmp\Tue11b9d76a96506.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-BCUFM.tmp\Tue11b9d76a96506.tmp" /SL5="$4003A,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11b9d76a96506.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\is-M8I2O.tmp\46807GHF____.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-M8I2O.tmp\46807GHF____.exe" /S /UID=burnerch2
        7⤵
        Executes dropped EXE
        
        PID:4552
        
        C:\Program Files\Google\WFEOOYKIZU\ultramediaburner.exe
        
        "C:\Program Files\Google\WFEOOYKIZU\ultramediaburner.exe" /VERYSILENT
        8⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\is-V6G47.tmp\ultramediaburner.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-V6G47.tmp\ultramediaburner.tmp" /SL5="$20278,281924,62464,C:\Program Files\Google\WFEOOYKIZU\ultramediaburner.exe" /VERYSILENT
        9⤵
        
        PID:6180
        
        C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe
        
        "C:\Program Files (x86)\UltraMediaBurner\UltraMediaBurner.exe" -silent -desktopShortcut -programMenu
        10⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\6f-4e4f6-af4-cf287-95427e89c4b8c\Pohawulucae.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f-4e4f6-af4-cf287-95427e89c4b8c\Pohawulucae.exe"
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\e9-cc3a4-147-8d1b9-decb6fc9e8e5a\Qixaejanaeshae.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e9-cc3a4-147-8d1b9-decb6fc9e8e5a\Qixaejanaeshae.exe"
        8⤵
        
        PID:6332
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\n0eshrnc.xcb\GcleanerEU.exe /eufive & exit
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\n0eshrnc.xcb\GcleanerEU.exe
        
        C:\Users\Admin\AppData\Local\Temp\n0eshrnc.xcb\GcleanerEU.exe /eufive
        10⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 648
        11⤵
        Program crash
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 660
        11⤵
        Program crash
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 772
        11⤵
        Program crash
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 808
        11⤵
        Program crash
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 908
        11⤵
        Program crash
        
        PID:7940
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\fpvliadh.y1g\installer.exe /qn CAMPAIGN="654" & exit
        9⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\fpvliadh.y1g\installer.exe
        
        C:\Users\Admin\AppData\Local\Temp\fpvliadh.y1g\installer.exe /qn CAMPAIGN="654"
        10⤵
        
        PID:4544
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\lamj5e5k.umk\anyname.exe & exit
        9⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\lamj5e5k.umk\anyname.exe
        
        C:\Users\Admin\AppData\Local\Temp\lamj5e5k.umk\anyname.exe
        10⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\lamj5e5k.umk\anyname.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lamj5e5k.umk\anyname.exe" -u
        11⤵
        
        PID:5088
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\k43ajxeo.o0z\BsInstFile.exe & exit
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\k43ajxeo.o0z\BsInstFile.exe
        
        C:\Users\Admin\AppData\Local\Temp\k43ajxeo.o0z\BsInstFile.exe
        10⤵
        
        PID:6536
        
        C:\ProgramData\5639274.exe
        
        "C:\ProgramData\5639274.exe"
        11⤵
        
        PID:5448
        
        C:\ProgramData\7376418.exe
        
        "C:\ProgramData\7376418.exe"
        11⤵
        
        PID:4332
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\qj34tlrg.zcr\Cleanpro13.exe & exit
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\qj34tlrg.zcr\Cleanpro13.exe
        
        C:\Users\Admin\AppData\Local\Temp\qj34tlrg.zcr\Cleanpro13.exe
        10⤵
        
        PID:7572
        
        C:\Users\Admin\Documents\9IoFWQH2qpH8ogqrBUE1FHgY.exe
        
        "C:\Users\Admin\Documents\9IoFWQH2qpH8ogqrBUE1FHgY.exe"
        11⤵
        
        PID:7368
        
        C:\Users\Admin\Documents\wmljCBbfmB6aSdTJHjeCUlXN.exe
        
        "C:\Users\Admin\Documents\wmljCBbfmB6aSdTJHjeCUlXN.exe"
        11⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\dllhost.exe
        
        dllhost.exe
        12⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c cmd < Nobile.docm
        12⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd
        13⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /V /R "^mFzuIhvmvbdHpfegBQvdRBWtkZruqmiMQZvPfzkmbfdsclZwZBnIIvmXJgVJldnWdERlThYiFXSCkFJqZwimwmrxmnuwnBfiQxqRzPi$" Vederlo.docm
        14⤵
        
        PID:19400
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        Rimasta.exe.com J
        14⤵
        
        PID:26608
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        15⤵
        
        PID:27492
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        16⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        17⤵
        
        PID:27176
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        18⤵
        
        PID:26492
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        19⤵
        
        PID:29108
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        20⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        21⤵
        
        PID:31232
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        22⤵
        
        PID:30632
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        23⤵
        
        PID:32744
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        24⤵
        
        PID:25628
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        25⤵
        
        PID:31968
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        26⤵
        
        PID:33056
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        27⤵
        
        PID:29216
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        28⤵
        
        PID:33656
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        29⤵
        
        PID:20816
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        30⤵
        
        PID:23408
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Rimasta.exe.com J
        31⤵
        
        PID:35716
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost
        14⤵
        Runs ping.exe
        
        PID:19904
        
        C:\Users\Admin\Documents\q0kwqh0oCn5FZfDUtQuzu0iM.exe
        
        "C:\Users\Admin\Documents\q0kwqh0oCn5FZfDUtQuzu0iM.exe"
        11⤵
        
        PID:4848
        
        C:\Users\Admin\Documents\Rod_sSje63WNfcwCWiISsGD4.exe
        
        "C:\Users\Admin\Documents\Rod_sSje63WNfcwCWiISsGD4.exe"
        11⤵
        
        PID:6692
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        "C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe"
        11⤵
        
        PID:7676
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:8956
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:7352
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:9056
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:7620
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:9340
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:9836
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:5104
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:8000
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:10352
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:10780
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:9532
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:7888
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:11452
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:11984
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:8024
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:8236
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:10772
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:13076
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:12708
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:9620
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:7684
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:13936
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:11352
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:13576
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:14656
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:14220
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:9888
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:15788
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:15200
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:14792
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:16456
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:17088
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:16720
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:18336
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:18316
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:18212
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:18980
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:18456
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:18156
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:13720
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:19880
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:20400
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:20100
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:15008
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:21404
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:20784
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:20952
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:21544
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:22268
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:20708
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:22620
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:18176
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:23348
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:23848
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:22364
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:22576
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:26020
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:24660
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:26600
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:7284
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:26772
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:27532
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:27276
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:24484
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:27740
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:26288
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:2256
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:29176
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:13700
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:29856
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:30632
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:31924
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:30460
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:4540
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:27180
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:29264
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:30424
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:24584
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:16264
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:32264
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:33300
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:22024
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:33392
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:22092
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:32284
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:34384
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:20040
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:33960
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        
        C:\Users\Admin\Documents\ri89_pyuH9azQ2_wkkX5Ravs.exe
        12⤵
        
        PID:34860
        
        C:\Users\Admin\Documents\zt0Obw75bRP4nRqQDCzmLSDI.exe
        
        "C:\Users\Admin\Documents\zt0Obw75bRP4nRqQDCzmLSDI.exe"
        11⤵
        
        PID:6888
        
        C:\Users\Admin\Documents\HUG8imodlgGegkMc9BarAM_I.exe
        
        "C:\Users\Admin\Documents\HUG8imodlgGegkMc9BarAM_I.exe"
        11⤵
        
        PID:7212
        
        C:\Users\Admin\Documents\MSfnmJy2gKf1F9xRoWf8oZ_V.exe
        
        "C:\Users\Admin\Documents\MSfnmJy2gKf1F9xRoWf8oZ_V.exe"
        11⤵
        
        PID:8188
        
        C:\Users\Admin\Documents\CUu9FmikUsQLQKxXhUyMInrP.exe
        
        "C:\Users\Admin\Documents\CUu9FmikUsQLQKxXhUyMInrP.exe"
        11⤵
        
        PID:7244
        
        C:\Users\Admin\Documents\Cs66I6RbkScYXRKJ0p_AT1fz.exe
        
        "C:\Users\Admin\Documents\Cs66I6RbkScYXRKJ0p_AT1fz.exe"
        11⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 636
        12⤵
        Program crash
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 680
        12⤵
        Program crash
        
        PID:5204
        
        C:\Users\Admin\Documents\lxb5ViUNQOHMQw_y_jbLSXSO.exe
        
        "C:\Users\Admin\Documents\lxb5ViUNQOHMQw_y_jbLSXSO.exe"
        11⤵
        
        PID:8208
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        "C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe"
        11⤵
        
        PID:8240
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:9120
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:8688
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:9060
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:8204
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:9448
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:9996
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:6344
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:10408
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:8692
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:10836
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:10316
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:10692
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:11576
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:12172
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:11848
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:11960
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:12392
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:13224
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:12696
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:12324
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:13648
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:14312
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:10124
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:14112
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:15224
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:6900
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:5692
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:15980
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:15612
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:15928
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:16832
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:17616
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:18348
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:18132
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:17896
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:19072
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:17212
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:9808
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:19572
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:20196
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:8980
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:19228
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:20492
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:21168
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:1840
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:19732
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:21052
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:21856
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:20256
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:14548
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:22672
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:22532
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:23300
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:23904
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:23488
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:21620
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:24368
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:26160
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:20768
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:21576
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:27228
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:24292
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:22032
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:26292
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:21224
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:28580
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:28608
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:25228
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:29484
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:29116
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:30292
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:31404
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:32376
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:32700
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:28324
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:32692
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:29104
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:26116
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:29456
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:28900
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:30132
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:28344
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:33184
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:33680
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:27096
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:32584
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:33420
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:34024
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:32348
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:34852
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        
        C:\Users\Admin\Documents\CU2mP5ZZqo57LgFK92gug3MY.exe
        12⤵
        
        PID:33976
        
        C:\Users\Admin\Documents\lQqQaKwgR31OLncN3BP4hUYe.exe
        
        "C:\Users\Admin\Documents\lQqQaKwgR31OLncN3BP4hUYe.exe"
        11⤵
        
        PID:6008
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        "C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe"
        11⤵
        
        PID:6916
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:10924
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:10608
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:10612
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:11692
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:12248
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:11836
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:12692
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:12228
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:8220
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:12220
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:12604
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:13372
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:14096
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:13452
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:13676
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:14692
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:14592
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:1356
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:15696
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:16332
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:16360
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:14172
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:16932
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:17428
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:18304
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:18272
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:18520
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:19164
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:18332
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:18864
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:19392
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:19788
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20476
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20032
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20456
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20624
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:21240
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20676
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20740
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:21808
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20880
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:22360
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:22052
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:23528
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:22740
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:23928
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:23328
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:20316
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:26100
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:21540
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:16060
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:26356
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:26972
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:26388
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:23960
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:28008
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:27068
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:18812
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:24128
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:29284
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:28756
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:29924
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:30468
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:32120
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:27404
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:28268
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:32600
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:32016
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:1228
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:32064
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:28684
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:30428
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:27228
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:33508
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:30476
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:24512
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:24304
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:28444
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:33812
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:34676
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:32848
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:33236
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        
        C:\Users\Admin\Documents\4Fhg7kFCkC1nQQtmTFz1bYm_.exe
        12⤵
        
        PID:35396
        
        C:\Users\Admin\Documents\fZmMAsfqHO06d_1_dIpB6QBT.exe
        
        "C:\Users\Admin\Documents\fZmMAsfqHO06d_1_dIpB6QBT.exe"
        11⤵
        
        PID:10212
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        "C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe"
        11⤵
        
        PID:2268
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:10988
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:10740
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:11276
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:11868
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:5300
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:7248
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:12984
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:12888
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:12236
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:12956
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:13036
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:13868
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:8488
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:14288
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:14464
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:15164
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:14464
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:15368
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:16016
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:15704
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:14848
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:16868
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:17676
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:15812
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:18152
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:18636
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:19328
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:17776
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:19432
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:19464
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:20128
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:1232
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:16224
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:21100
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:20528
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:15252
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:21644
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:22184
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:5804
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:17148
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:23020
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:15356
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:17768
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:24296
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:23612
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:17256
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:5848
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:26280
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:19620
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:17284
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:27192
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:26644
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:18748
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:27984
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:27076
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:20332
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:27680
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:29076
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:29692
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:29464
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:30344
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:31480
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:32672
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:19096
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:28568
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:32200
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:25432
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:32628
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:24312
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:27308
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:33488
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:33008
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:15332
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:32652
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:33256
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:34340
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:32872
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:34960
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:34092
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        
        C:\Users\Admin\Documents\zALM14SdsPUgVF45oahoeXc7.exe
        12⤵
        
        PID:35744
        
        C:\Users\Admin\Documents\RQ8lmEpeuEMCwFpYM_2W7LoW.exe
        
        "C:\Users\Admin\Documents\RQ8lmEpeuEMCwFpYM_2W7LoW.exe"
        11⤵
        
        PID:9988
        
        C:\Users\Admin\Documents\LC3zYd4YSCUYBRI81R2rmNuJ.exe
        
        "C:\Users\Admin\Documents\LC3zYd4YSCUYBRI81R2rmNuJ.exe"
        11⤵
        
        PID:9368
        
        C:\Users\Admin\Documents\eFZMwO3rU7hPltfEgtubAuJf.exe
        
        "C:\Users\Admin\Documents\eFZMwO3rU7hPltfEgtubAuJf.exe"
        11⤵
        
        PID:9004
        
        C:\Users\Admin\Documents\sy6Zj68l8wTlRtGWw8xO14KM.exe
        
        "C:\Users\Admin\Documents\sy6Zj68l8wTlRtGWw8xO14KM.exe"
        11⤵
        
        PID:6536
        
        C:\Users\Admin\Documents\bv8PBCIwAKnRa4G_URGCnclx.exe
        
        "C:\Users\Admin\Documents\bv8PBCIwAKnRa4G_URGCnclx.exe"
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c cmd < Col.aif
        12⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd
        13⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /V /R "^UhYfGpTuZrzSdFeMeNaCLTnviEufMXMBGeXCcrpOPaOzqZuKoyxOwRoqPBiweDxedSkhHmsZEDNattvoncuHDYmPUWNUViMkYMeiOSrJOcpnrPVKtZDGvNnaaczLMvrvRBxaegxFabToO$" Conquista.aif
        14⤵
        
        PID:32624
        
        C:\Users\Admin\Documents\hvOGo8TVJw79ypfBSCNvtTcz.exe
        
        "C:\Users\Admin\Documents\hvOGo8TVJw79ypfBSCNvtTcz.exe"
        11⤵
        
        PID:9636
        
        C:\Users\Admin\Documents\lEjWYkT52X2RYmU_an5ebNP6.exe
        
        "C:\Users\Admin\Documents\lEjWYkT52X2RYmU_an5ebNP6.exe"
        11⤵
        
        PID:9944
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\gnx4oh2p.w3j\gcleaner.exe /mixfive & exit
        9⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\gnx4oh2p.w3j\gcleaner.exe
        
        C:\Users\Admin\AppData\Local\Temp\gnx4oh2p.w3j\gcleaner.exe /mixfive
        10⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 648
        11⤵
        Program crash
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 660
        11⤵
        Program crash
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 664
        11⤵
        Program crash
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 660
        11⤵
        Program crash
        
        PID:5764
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\b1kjs3o3.vih\bumperWW1.exe & exit
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\b1kjs3o3.vih\bumperWW1.exe
        
        C:\Users\Admin\AppData\Local\Temp\b1kjs3o3.vih\bumperWW1.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\Documents\9DYLV3oiLBq1YiVm2CvPmH85.exe
        
        "C:\Users\Admin\Documents\9DYLV3oiLBq1YiVm2CvPmH85.exe"
        11⤵
        
        PID:8228
        
        C:\Users\Admin\Documents\a6k25RlTutnAiUS909nFnMD8.exe
        
        "C:\Users\Admin\Documents\a6k25RlTutnAiUS909nFnMD8.exe"
        11⤵
        
        PID:9076
        
        C:\Users\Admin\Documents\L8JetGR9ftBADnNyBamZZcm_.exe
        
        "C:\Users\Admin\Documents\L8JetGR9ftBADnNyBamZZcm_.exe"
        11⤵
        
        PID:7300
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        "C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe"
        11⤵
        Executes dropped EXE
        
        PID:4264
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:10024
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:9608
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:10084
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:10564
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:10916
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:8752
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:10900
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:11604
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:12220
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:11784
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:12416
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:13084
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:12828
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:12444
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:12220
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:13964
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:9296
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:14220
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:14276
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:15112
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:14828
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:14432
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:15468
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:16160
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:15716
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:6880
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:16780
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:17372
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:16536
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:18220
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:18180
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:14400
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:18864
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:19364
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:16652
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:13408
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:19548
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:20084
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:18712
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:21136
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:20500
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:15916
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:21720
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:21932
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:22476
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:18408
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:23304
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:23296
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:21600
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:24040
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:22844
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:24560
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:25748
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:25104
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:26468
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:26296
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:26712
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:27516
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:27460
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:21388
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:27596
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:28360
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:21224
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:28688
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:29320
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:28740
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:29956
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:24596
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:32400
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:24336
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:32176
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:29688
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:26200
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:30208
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:30048
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:14472
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:30416
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:33088
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:33524
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:14432
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:33224
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:33756
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:31164
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:34524
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:34264
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:31412
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:35232
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        
        C:\Users\Admin\Documents\rV4sJ3lFGhZMkhBz2jp9V9Vc.exe
        12⤵
        
        PID:23856
        
        C:\Users\Admin\Documents\lujll9nSPK92LrftB7eOrhSY.exe
        
        "C:\Users\Admin\Documents\lujll9nSPK92LrftB7eOrhSY.exe"
        11⤵
        
        PID:8864
        
        C:\Users\Admin\Documents\xeBnM4ZajKSUz2d4Ueh5pM9w.exe
        
        "C:\Users\Admin\Documents\xeBnM4ZajKSUz2d4Ueh5pM9w.exe"
        11⤵
        
        PID:8180
        
        C:\Users\Admin\Documents\ylGKyQlQfjDmtmySKNil0Xfc.exe
        
        "C:\Users\Admin\Documents\ylGKyQlQfjDmtmySKNil0Xfc.exe"
        11⤵
        
        PID:7228
        
        C:\Users\Admin\Documents\KeJAj9ln1rymuoxQ8DUCxGfY.exe
        
        "C:\Users\Admin\Documents\KeJAj9ln1rymuoxQ8DUCxGfY.exe"
        11⤵
        
        PID:9268
        
        C:\Users\Admin\Documents\KeJAj9ln1rymuoxQ8DUCxGfY.exe
        
        "C:\Users\Admin\Documents\KeJAj9ln1rymuoxQ8DUCxGfY.exe"
        12⤵
        
        PID:9968
        
        C:\Users\Admin\Documents\zqqFKpN83N6hUQlJw6xBr2Tq.exe
        
        "C:\Users\Admin\Documents\zqqFKpN83N6hUQlJw6xBr2Tq.exe"
        11⤵
        
        PID:9260
        
        C:\Users\Admin\Documents\MwaEcG3FWIjZ9pQZLwMqOAp4.exe
        
        "C:\Users\Admin\Documents\MwaEcG3FWIjZ9pQZLwMqOAp4.exe"
        11⤵
        
        PID:9356
        
        C:\Users\Admin\Documents\z3sKBCwPeRPMGwdFpm0wRK5g.exe
        
        "C:\Users\Admin\Documents\z3sKBCwPeRPMGwdFpm0wRK5g.exe"
        11⤵
        
        PID:9400
        
        C:\Users\Admin\Documents\8vM_UYTP8OMfgB5MvcnSl6zR.exe
        
        "C:\Users\Admin\Documents\8vM_UYTP8OMfgB5MvcnSl6zR.exe"
        11⤵
        
        PID:9508
        
        C:\Users\Admin\Documents\s3ajyFIRTDal06PFGOj2js75.exe
        
        "C:\Users\Admin\Documents\s3ajyFIRTDal06PFGOj2js75.exe"
        11⤵
        
        PID:9612
        
        C:\Users\Admin\Documents\uYsk9rDVwJmU7KkaTRS6IKQo.exe
        
        "C:\Users\Admin\Documents\uYsk9rDVwJmU7KkaTRS6IKQo.exe"
        11⤵
        
        PID:9784
        
        C:\Users\Admin\Documents\C_0P74WuS1YhkJOBUcISNwCd.exe
        
        "C:\Users\Admin\Documents\C_0P74WuS1YhkJOBUcISNwCd.exe"
        11⤵
        
        PID:9816
        
        C:\Users\Admin\Documents\ZaGiHLK9gmZD31uhWqXrn4w1.exe
        
        "C:\Users\Admin\Documents\ZaGiHLK9gmZD31uhWqXrn4w1.exe"
        11⤵
        
        PID:9424
        
        C:\Users\Admin\Documents\ckcx5QGYnvPsVmQ2r0QGIMZ5.exe
        
        "C:\Users\Admin\Documents\ckcx5QGYnvPsVmQ2r0QGIMZ5.exe"
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c cmd < Nobile.docm
        12⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd
        13⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /V /R "^mFzuIhvmvbdHpfegBQvdRBWtkZruqmiMQZvPfzkmbfdsclZwZBnIIvmXJgVJldnWdERlThYiFXSCkFJqZwimwmrxmnuwnBfiQxqRzPi$" Vederlo.docm
        14⤵
        
        PID:28840
        
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rimasta.exe.com
        
        Rimasta.exe.com J
        14⤵
        
        PID:35500
        
        C:\Windows\SysWOW64\dllhost.exe
        
        dllhost.exe
        12⤵
        
        PID:10124
        
        C:\Users\Admin\Documents\UuLdb0hu2ljAcjXK2HhJZUIE.exe
        
        "C:\Users\Admin\Documents\UuLdb0hu2ljAcjXK2HhJZUIE.exe"
        11⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C taskkill /F /PID 11112 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\UuLdb0hu2ljAcjXK2HhJZUIE.exe"
        12⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /PID 11112
        13⤵
        Kills process with taskkill
        
        PID:13868
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C taskkill /F /PID 11112 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Documents\UuLdb0hu2ljAcjXK2HhJZUIE.exe"
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /PID 11112
        13⤵
        Kills process with taskkill
        
        PID:14248
        
        C:\Users\Admin\Documents\lGWEBrO2ELUEjBVGqGZH6UJt.exe
        
        "C:\Users\Admin\Documents\lGWEBrO2ELUEjBVGqGZH6UJt.exe"
        11⤵
        
        PID:11104
        
        C:\Users\Admin\Documents\LOVTzORi_ULZfpJsj9YSzUfW.exe
        
        "C:\Users\Admin\Documents\LOVTzORi_ULZfpJsj9YSzUfW.exe"
        11⤵
        
        PID:11096
        
        C:\Users\Admin\Documents\LroDWPn8xyKdEkRdnAQDs__X.exe
        
        "C:\Users\Admin\Documents\LroDWPn8xyKdEkRdnAQDs__X.exe"
        11⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\dllhost.exe
        
        dllhost.exe
        12⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c cmd < Col.aif
        12⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd
        13⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr /V /R "^UhYfGpTuZrzSdFeMeNaCLTnviEufMXMBGeXCcrpOPaOzqZuKoyxOwRoqPBiweDxedSkhHmsZEDNattvoncuHDYmPUWNUViMkYMeiOSrJOcpnrPVKtZDGvNnaaczLMvrvRBxaegxFabToO$" Conquista.aif
        14⤵
        
        PID:33212
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        "C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe"
        11⤵
        
        PID:11080
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:11824
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:11352
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:12024
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:11936
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:12300
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:12732
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:6864
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:13140
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:13544
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:14044
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:10728
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:13984
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:14372
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:15280
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:7540
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:15512
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:15952
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:15504
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:8468
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:16804
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:7976
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:18276
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:6460
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:17956
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:18940
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:19432
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:13708
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:18840
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:19492
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:20136
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:14428
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:13880
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:20632
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:21280
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:20592
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:8952
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:21684
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:22408
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:22076
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:22560
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:22028
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:16532
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:24160
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:22096
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:24532
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:24956
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:14140
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:26572
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:5712
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:10108
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:27396
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:26508
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:16284
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:28128
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:18592
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:28192
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:25100
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:29244
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:29624
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:28332
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:30368
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:20456
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:5384
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:29752
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:31520
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:14780
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:17036
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:25268
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:32520
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:32192
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:32816
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:29200
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:33532
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:21320
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:23164
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:33192
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:34052
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:30768
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:33644
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:30736
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:35284
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        
        C:\Users\Admin\Documents\FdOo5eFcPep3L8TGN5UhK8PG.exe
        12⤵
        
        PID:34624
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        "C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe"
        11⤵
        
        PID:11072
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:11832
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:6776
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:12164
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:12224
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:12628
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:3796
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:11952
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:11308
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:13840
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:12776
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:14240
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:14416
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:15296
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:14960
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:14460
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:15740
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:16220
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:8288
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:15720
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:16748
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:15920
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:17656
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:18388
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:17640
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:18584
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:19084
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:18276
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:18540
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:14024
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:19800
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:20336
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:19916
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:20076
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:21348
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:20688
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:17772
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:20908
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:21900
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:17884
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:22184
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:23196
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:22616
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:23660
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:24352
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:23900
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:24620
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:23312
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:26360
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:24292
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:16388
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:27000
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:23728
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:27420
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:25060
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:27776
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:7960
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:25000
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:29188
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:28496
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:29900
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:31304
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:32204
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:24604
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:31340
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:32128
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:29876
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:30480
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:21236
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:22444
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:32228
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:33424
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:32904
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:14844
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:33768
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:33856
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:34460
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:31512
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:34296
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:35108
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        
        C:\Users\Admin\Documents\QEYG8xjW0lDemRQWUs7plGcN.exe
        12⤵
        
        PID:35804
        
        C:\Users\Admin\Documents\qkWhuvHlkvwG7fmbavxb_tEd.exe
        
        "C:\Users\Admin\Documents\qkWhuvHlkvwG7fmbavxb_tEd.exe"
        11⤵
        
        PID:11064
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        "C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe"
        11⤵
        
        PID:11056
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:11812
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:6836
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:7200
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:12476
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:12912
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:8636
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:9652
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:13316
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:14224
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:14080
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:10728
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:14828
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:11436
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:14528
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:15684
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:16300
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:14976
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:15784
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:16916
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:17684
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:18416
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:17888
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:18628
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:19296
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:18780
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:13424
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:18156
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:19996
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:16356
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:16284
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:1816
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:20888
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:4048
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:19376
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:16528
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:22152
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:13340
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:16436
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:23492
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:23536
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:23860
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:20268
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:23292
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:25784
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:25220
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:25640
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:10804
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:26736
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:27280
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:26616
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:27552
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:18656
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:21388
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:28008
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:18440
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:29056
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:29508
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:28504
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:30088
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:28952
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:32144
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:30240
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:21776
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:32604
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:32216
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:21704
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:9320
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:29908
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:24052
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:30612
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:33516
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:33052
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:33752
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:27480
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:33932
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:34768
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:34456
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:32316
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        
        C:\Users\Admin\Documents\yV7fWahim2n_XMgOjZ3ih8V2.exe
        12⤵
        
        PID:35556
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\xbhd1hix.lsg\autosubplayer.exe /S & exit
        9⤵
        
        PID:7224
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\4dcvc54d.izf\installer.exe /qn CAMPAIGN=654 & exit
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\4dcvc54d.izf\installer.exe
        
        C:\Users\Admin\AppData\Local\Temp\4dcvc54d.izf\installer.exe /qn CAMPAIGN=654
        10⤵
        
        PID:5516
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\3wtfx33j.rvz\app.exe /8-2222 & exit
        9⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\3wtfx33j.rvz\app.exe
        
        C:\Users\Admin\AppData\Local\Temp\3wtfx33j.rvz\app.exe /8-2222
        10⤵
        
        PID:6068
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue11f251db82fb7b.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11f251db82fb7b.exe
        
        Tue11f251db82fb7b.exe
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
        
        "C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
        6⤵
        Executes dropped EXE
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Chrome 5.exe"
        7⤵
        Executes dropped EXE
        
        PID:4252
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"' & exit
        8⤵
        
        PID:6532
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Users\Admin\AppData\Roaming\services64.exe"'
        9⤵
        Creates scheduled task(s)
        
        PID:6784
        
        C:\Users\Admin\AppData\Roaming\services64.exe
        
        "C:\Users\Admin\AppData\Roaming\services64.exe"
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe
        
        "C:\Users\Admin\AppData\Local\Temp\PublicDwlBrowser1100.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4380
        
        C:\Users\Admin\AppData\Roaming\8032223.exe
        
        "C:\Users\Admin\AppData\Roaming\8032223.exe"
        8⤵
        Executes dropped EXE
        
        PID:4160
        
        C:\Users\Admin\AppData\Roaming\1515706.exe
        
        "C:\Users\Admin\AppData\Roaming\1515706.exe"
        8⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Users\Admin\AppData\Roaming\4840225.exe
        
        "C:\Users\Admin\AppData\Roaming\4840225.exe"
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Roaming\6323708.exe
        
        "C:\Users\Admin\AppData\Roaming\6323708.exe"
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Roaming\4430467.exe
        
        "C:\Users\Admin\AppData\Roaming\4430467.exe"
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
        
        "C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
        8⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 316
        9⤵
        Program crash
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 296
        9⤵
        Program crash
        
        PID:732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 332
        9⤵
        Program crash
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 592
        9⤵
        Program crash
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 656
        9⤵
        Program crash
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 664
        9⤵
        Program crash
        
        PID:1256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 676
        9⤵
        Program crash
        
        PID:864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 668
        9⤵
        Program crash
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 784
        9⤵
        Program crash
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 632
        9⤵
        Program crash
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\setup.exe"
        7⤵
        Executes dropped EXE
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 804
        8⤵
        Program crash
        Suspicious use of AdjustPrivilegeToken
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 828
        8⤵
        Program crash
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 900
        8⤵
        Program crash
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 904
        8⤵
        Program crash
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 976
        8⤵
        Program crash
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1348
        8⤵
        Program crash
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1388
        8⤵
        Program crash
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1392
        8⤵
        Program crash
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1108
        8⤵
        Program crash
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\setup_2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\setup_2.exe"
        7⤵
        Executes dropped EXE
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\is-6L0FS.tmp\setup_2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-6L0FS.tmp\setup_2.tmp" /SL5="$70064,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\setup_2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT
        9⤵
        Executes dropped EXE
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\is-HBCCG.tmp\setup_2.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-HBCCG.tmp\setup_2.tmp" /SL5="$30208,140785,56832,C:\Users\Admin\AppData\Local\Temp\setup_2.exe" /SILENT
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\3002.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3002.exe"
        7⤵
        Executes dropped EXE
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\3002.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3002.exe" -a
        8⤵
        Executes dropped EXE
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\jhuuee.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jhuuee.exe"
        7⤵
        Executes dropped EXE
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BearVpn 3.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Alfanewfile2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Alfanewfile2.exe"
        7⤵
        Executes dropped EXE
        
        PID:4428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c taskkill /im Alfanewfile2.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\Alfanewfile2.exe" & del C:\ProgramData\*.dll & exit
        8⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im Alfanewfile2.exe /f
        9⤵
        Kills process with taskkill
        
        PID:6616
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6
        9⤵
        Delays execution with timeout.exe
        
        PID:7072
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue1109eec571ac.exe /mixone
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue1109eec571ac.exe
        
        Tue1109eec571ac.exe /mixone
        5⤵
        Executes dropped EXE
        
        PID:2964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 664
        6⤵
        Program crash
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 704
        6⤵
        Program crash
        Suspicious use of AdjustPrivilegeToken
        
        PID:3724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 700
        6⤵
        Program crash
        
        PID:5028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 712
        6⤵
        Program crash
        
        PID:4712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 908
        6⤵
        Program crash
        
        PID:6044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 984
        6⤵
        Program crash
        
        PID:1792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 1148
        6⤵
        Program crash
        
        PID:5244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 1156
        6⤵
        Program crash
        
        PID:5992
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue11bc0507b56295.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11bc0507b56295.exe
        
        Tue11bc0507b56295.exe
        5⤵
        Executes dropped EXE
        
        PID:1036
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue11141271fbe5877f.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11141271fbe5877f.exe
        
        Tue11141271fbe5877f.exe
        5⤵
        Executes dropped EXE
        
        PID:3724
      - C:\ProgramData\3845775.exe
        
        "C:\ProgramData\3845775.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4192
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4192 -s 1964
        7⤵
        Program crash
        
        PID:6816
      - C:\ProgramData\5767811.exe
        
        "C:\ProgramData\5767811.exe"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4296
        
        C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe
        
        "C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"
        7⤵
        Executes dropped EXE
        
        PID:4728
      - C:\ProgramData\3972588.exe
        
        "C:\ProgramData\3972588.exe"
        6⤵
        Executes dropped EXE
        Checks BIOS information in registry
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        
        PID:4692
      - C:\ProgramData\3700928.exe
        
        "C:\ProgramData\3700928.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 2008
        7⤵
        Program crash
        
        PID:4432
      - C:\ProgramData\7544302.exe
        
        "C:\ProgramData\7544302.exe"
        6⤵
        Executes dropped EXE
        Checks BIOS information in registry
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        
        PID:3676
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue112c483dd3245d.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:500
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue112c483dd3245d.exe
        
        Tue112c483dd3245d.exe
        5⤵
        Executes dropped EXE
        Modifies system certificate store
        
        PID:3432
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c taskkill /im Tue112c483dd3245d.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue112c483dd3245d.exe" & del C:\ProgramData\*.dll & exit
        6⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /im Tue112c483dd3245d.exe /f
        7⤵
        Kills process with taskkill
        
        PID:5184
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 6
        7⤵
        Delays execution with timeout.exe
        
        PID:7136
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue118f55232e4.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue118f55232e4.exe
        
        Tue118f55232e4.exe
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1408
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c taskkill /f /im chrome.exe
        6⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im chrome.exe
        7⤵
        Kills process with taskkill
        
        PID:5644
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c Tue11e4e580f2e8141a3.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1180

C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
Tue11e4e580f2e8141a3.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3336
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:4264
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:5304
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:5968
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:5752
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:3452
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:4212
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:5612
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:5476
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:6324
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:6668
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:6148
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:5172
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:6228
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:5184
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:4936
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:7448
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:8140
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:6016
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:8544
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:8916
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:8580
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:8984
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:7016
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:8692
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:9628
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:10160
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:9948
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:9436
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:10576
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:10932
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:10640
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:188
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:11560
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:12156
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:11896
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:12492
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:13276
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:13232
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:13200
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:13508
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:14200
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:12364
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:13880
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:14780
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:13232
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:13172
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:15456
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:16108
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:15492
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:16152
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:16772
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:16396
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:18248
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:17476
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:18192
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:19032
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:17220
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:18404
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:18332
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:19964
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:20384
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:14596
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:19940
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:21476
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:20820
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:17860
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:21580
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:22312
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:21916
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:21784
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:23440
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:20984
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:23680
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:24388
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:23340
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:24664
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:16388
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:26216
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:24844
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:18992
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:26956
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:26340
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:27392
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:2180
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:27320
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:28772
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:24980
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:19108
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:29380
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:28680
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:30008
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:14832
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:32088
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:32736
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:32504
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:29684
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:27888
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:24836
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:31944
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:32276
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:22596
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:33360
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:28728
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:33092
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:29940
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:16284
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:20144
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:34616
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:34360
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:34324
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:35316
- C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4FE6C6F4\Tue11e4e580f2e8141a3.exe
  2⤵
  PID:35764

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
PID:5344

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:5288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SystemNetworkService
1⤵
PID:5536

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:6848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
  2⤵
  PID:6864

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:7080

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4348

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:1044
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F6CBF02F4AE36CA449A7966DA6C700B7 C
  2⤵
  PID:7648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2436

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\45cfea6040a44ebc8db5f7942a00fee7 /t 4840 /p 2436
1⤵
PID:9864

C:\Windows\SysWOW64\dllhost.exe
dllhost.exe
1⤵
PID:10072

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
1⤵
- Process spawned unexpected child process
PID:11296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global
  2⤵
  PID:11396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/352-442-0x0000024CEF560000-0x0000024CEF5D4000-memory.dmp

Filesize
464KB

Download
memory/356-490-0x0000012BA4B40000-0x0000012BA4BB4000-memory.dmp

Filesize
464KB

Download
memory/1036-200-0x0000000002B50000-0x0000000002C9A000-memory.dmp

Filesize
1.3MB

Download
memory/1036-203-0x0000000000400000-0x0000000002B48000-memory.dmp

Filesize
39.3MB

Download
memory/1040-197-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1084-481-0x0000021DCF0E0000-0x0000021DCF154000-memory.dmp

Filesize
464KB

Download
memory/1220-508-0x0000029164880000-0x00000291648F4000-memory.dmp

Filesize
464KB

Download
memory/1368-418-0x0000021A30C50000-0x0000021A30C9D000-memory.dmp

Filesize
308KB

Download
memory/1368-411-0x0000021A30D10000-0x0000021A30D84000-memory.dmp

Filesize
464KB

Download
memory/1416-483-0x000002350A940000-0x000002350A9B4000-memory.dmp

Filesize
464KB

Download
memory/1820-503-0x00000214E5F90000-0x00000214E6004000-memory.dmp

Filesize
464KB

Download
memory/2156-189-0x00000000068D0000-0x00000000068D1000-memory.dmp

Filesize
4KB

Download
memory/2156-188-0x00000000069F0000-0x00000000069F1000-memory.dmp

Filesize
4KB

Download
memory/2156-208-0x0000000007780000-0x0000000007781000-memory.dmp

Filesize
4KB

Download
memory/2156-259-0x0000000008110000-0x0000000008111000-memory.dmp

Filesize
4KB

Download
memory/2156-206-0x0000000006EE0000-0x0000000006EE1000-memory.dmp

Filesize
4KB

Download
memory/2156-193-0x0000000007030000-0x0000000007031000-memory.dmp

Filesize
4KB

Download
memory/2156-195-0x00000000069F2000-0x00000000069F3000-memory.dmp

Filesize
4KB

Download
memory/2156-214-0x00000000079D0000-0x00000000079D1000-memory.dmp

Filesize
4KB

Download
memory/2156-395-0x00000000069F3000-0x00000000069F4000-memory.dmp

Filesize
4KB

Download
memory/2156-207-0x0000000007710000-0x0000000007711000-memory.dmp

Filesize
4KB

Download
memory/2156-256-0x0000000006C60000-0x0000000006C61000-memory.dmp

Filesize
4KB

Download
memory/2156-378-0x000000007FBA0000-0x000000007FBA1000-memory.dmp

Filesize
4KB

Download
memory/2204-376-0x0000000005070000-0x0000000005071000-memory.dmp

Filesize
4KB

Download
memory/2264-416-0x00000000055A0000-0x0000000005BA6000-memory.dmp

Filesize
6.0MB

Download
memory/2472-445-0x000001ACA67D0000-0x000001ACA6844000-memory.dmp

Filesize
464KB

Download
memory/2484-450-0x0000014D89F70000-0x0000014D89FE4000-memory.dmp

Filesize
464KB

Download
memory/2804-420-0x000001AC0AD70000-0x000001AC0ADE4000-memory.dmp

Filesize
464KB

Download
memory/2860-166-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/2860-160-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/2860-131-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2860-181-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/2860-132-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2860-184-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/2860-133-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2964-202-0x0000000002CC0000-0x0000000002D08000-memory.dmp

Filesize
288KB

Download
memory/2964-204-0x0000000000400000-0x0000000002B61000-memory.dmp

Filesize
39.4MB

Download
memory/3032-285-0x0000000000E80000-0x0000000000E95000-memory.dmp

Filesize
84KB

Download
memory/3336-198-0x0000000005710000-0x0000000005711000-memory.dmp

Filesize
4KB

Download
memory/3336-194-0x0000000005520000-0x0000000005521000-memory.dmp

Filesize
4KB

Download
memory/3336-185-0x0000000005560000-0x0000000005561000-memory.dmp

Filesize
4KB

Download
memory/3336-164-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/3432-205-0x0000000000400000-0x0000000002BB2000-memory.dmp

Filesize
39.7MB

Download
memory/3432-201-0x0000000004850000-0x0000000004921000-memory.dmp

Filesize
836KB

Download
memory/3676-337-0x0000000005EB0000-0x00000000064B6000-memory.dmp

Filesize
6.0MB

Download
memory/3676-332-0x00000000776B0000-0x000000007783E000-memory.dmp

Filesize
1.6MB

Download
memory/3724-196-0x000000001B7C0000-0x000000001B7C2000-memory.dmp

Filesize
8KB

Download
memory/3724-191-0x00000000029F0000-0x0000000002A05000-memory.dmp

Filesize
84KB

Download
memory/3724-183-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/3976-186-0x000000001B000000-0x000000001B002000-memory.dmp

Filesize
8KB

Download
memory/3976-177-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/4092-173-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4136-212-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/4144-310-0x00000000049D0000-0x00000000049D1000-memory.dmp

Filesize
4KB

Download
memory/4144-298-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/4160-373-0x000000001B940000-0x000000001B942000-memory.dmp

Filesize
8KB

Download
memory/4192-230-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/4192-258-0x000000001AE80000-0x000000001AE82000-memory.dmp

Filesize
8KB

Download
memory/4192-244-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/4192-241-0x000000001AE90000-0x000000001AECE000-memory.dmp

Filesize
248KB

Download
memory/4192-218-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/4252-223-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/4296-240-0x00000000029E0000-0x00000000029EC000-memory.dmp

Filesize
48KB

Download
memory/4296-242-0x000000000AA30000-0x000000000AA31000-memory.dmp

Filesize
4KB

Download
memory/4296-228-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/4296-248-0x000000000A5B0000-0x000000000A5B1000-memory.dmp

Filesize
4KB

Download
memory/4296-236-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/4296-245-0x000000000A5D0000-0x000000000A5D1000-memory.dmp

Filesize
4KB

Download
memory/4316-391-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4320-314-0x0000000004A40000-0x0000000004A41000-memory.dmp

Filesize
4KB

Download
memory/4320-306-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/4380-235-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/4380-243-0x0000000000720000-0x0000000000735000-memory.dmp

Filesize
84KB

Download
memory/4380-257-0x000000001AF00000-0x000000001AF02000-memory.dmp

Filesize
8KB

Download
memory/4396-374-0x0000000004FC0000-0x00000000055C6000-memory.dmp

Filesize
6.0MB

Download
memory/4428-305-0x0000000000400000-0x0000000002BB2000-memory.dmp

Filesize
39.7MB

Download
memory/4428-300-0x0000000004790000-0x0000000004861000-memory.dmp

Filesize
836KB

Download
memory/4532-260-0x000000001BC80000-0x000000001BC82000-memory.dmp

Filesize
8KB

Download
memory/4532-251-0x0000000000FB0000-0x0000000000FB1000-memory.dmp

Filesize
4KB

Download
memory/4552-279-0x0000000002790000-0x0000000002792000-memory.dmp

Filesize
8KB

Download
memory/4596-326-0x0000000004F70000-0x0000000005576000-memory.dmp

Filesize
6.0MB

Download
memory/4596-311-0x0000000005140000-0x0000000005141000-memory.dmp

Filesize
4KB

Download
memory/4596-303-0x0000000005580000-0x0000000005581000-memory.dmp

Filesize
4KB

Download
memory/4596-307-0x0000000005010000-0x0000000005011000-memory.dmp

Filesize
4KB

Download
memory/4596-293-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/4664-328-0x0000000004790000-0x00000000047BF000-memory.dmp

Filesize
188KB

Download
memory/4664-334-0x0000000000400000-0x0000000002B53000-memory.dmp

Filesize
39.3MB

Download
memory/4692-330-0x0000000005520000-0x0000000005B26000-memory.dmp

Filesize
6.0MB

Download
memory/4692-315-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/4692-308-0x00000000776B0000-0x000000007783E000-memory.dmp

Filesize
1.6MB

Download
memory/4728-302-0x000000000ADF0000-0x000000000ADF1000-memory.dmp

Filesize
4KB

Download
memory/4728-312-0x00000000056A0000-0x00000000056A1000-memory.dmp

Filesize
4KB

Download
memory/4876-282-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4956-500-0x0000000004D60000-0x0000000004D61000-memory.dmp

Filesize
4KB

Download
memory/5020-304-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/5168-393-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/5304-506-0x00000000056C0000-0x0000000005CC6000-memory.dmp

Filesize
6.0MB

Download
memory/5344-408-0x000000000495E000-0x0000000004A5F000-memory.dmp

Filesize
1.0MB

Download
memory/5344-412-0x0000000004AC0000-0x0000000004B1F000-memory.dmp

Filesize
380KB

Download
memory/5452-455-0x00000000776B0000-0x000000007783E000-memory.dmp

Filesize
1.6MB

Download
memory/5452-487-0x0000000005840000-0x0000000005E46000-memory.dmp

Filesize
6.0MB

Download
memory/5492-498-0x0000000000400000-0x0000000002574000-memory.dmp

Filesize
33.5MB

Download
memory/5492-495-0x0000000002E10000-0x000000000372E000-memory.dmp

Filesize
9.1MB

Download
memory/5536-439-0x0000022F54B70000-0x0000022F54BE4000-memory.dmp

Filesize
464KB

Download