amadey | b00302c7a37d30e1d649945bce637c2be5ef5a1055e572df9866ef8281964b65

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2023, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6779cd6f17fa7536c4490cc6d72a00a0.exe
Size

235KB
MD5

6779cd6f17fa7536c4490cc6d72a00a0
SHA1

2976ecc0ecc2800be22fa92868c2173a44e04ee0
SHA256

b00302c7a37d30e1d649945bce637c2be5ef5a1055e572df9866ef8281964b65
SHA512

88e8e38e1c664ebe1aa3c9f7601496b83f3c7ca9916a49573d169a33ae697602737505aaa2af755b6bea19dc38064742876b585a41c6ffaac172a44fb8bdc482
SSDEEP

6144:eLUoeyDABOdDubDXqgraG0JzSRuVyL+VYjQqgE:elu0LgwJ4uVyaV+J

Score

10^/10

amadey redline @redlinevip cloud (tg: @fatherofcarders)re1 tanos temp999 usa discovery evasion infostealer persistence pyinstaller spyware stealer trojan vmprotect

Malware Config

Extracted

Family

amadey

Version

3.66

62.204.41.242/9vZbns/index.php

62.204.41.121/ZxhssZx/index.php

Extracted

Family

redline

Botnet

tanos

62.204.41.159:4062

Attributes

auth_value
bcb77cd67cf9918d25e4b6ae210a9305

Extracted

Family

redline

Botnet

temp999

82.115.223.9:15486

Attributes

auth_value
c12cdc1127b45350218306e5550c987e

Extracted

Family

redline

Botnet

re1

librchichelpai.shop:81

rniwondunuifac.shop:81

Attributes

auth_value
ed3efbb6da2413ddef90855eed83d6fa

Extracted

Family

redline

Botnet

@REDLINEVIP Cloud (TG: @FATHEROFCARDERS)

151.80.89.233:13553

Attributes

auth_value
fbee175162920530e6bf470c8003fa1a

Extracted

Family

redline

Botnet

USA

51.89.199.106:17532

Attributes

auth_value
aba751b988df2fba80def49d4d387792

Extracted

Family

amadey

Version

3.65

hellomr.observer/7gjD0Vs3d/index.php

researchersgokick.rocks/7gjD0Vs3d/index.php

pleasetake.pictures/7gjD0Vs3d/index.php

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey

Modifies Windows Defender Real-time Protection settings 3 TTPs 11 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	lola.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	lola.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	lola.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	lola.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	lola1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	lola1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	lola.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	lola.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	lola1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	lola1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	lola1.exe

Process spawned unexpected child process 2 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3332	3000	rundll32.exe	33
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3040	3000	rundll32.exe	33

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 2956 created 620	2956	Process not Found	76
PID 2644 created 620	2644	Process not Found	76

Blocklisted process makes network request 1 IoCs

flow	pid	Process
70	4876	cmd.exe

Downloads MZ/PE file

Executes dropped EXE 41 IoCs

pid	Process
1972	nbveek.exe
2948	lola.exe
368	lola1.exe
4184	nesto1.exe
4200	tanos.exe
3552	love1.exe
2276	stown.exe
4440	nesto.exe
3444	stown3.exe
60	stown1.exe
4020	love.exe
2928	legio.exe
2472	nbveek.exe
4668	tanos1.exe
3580	tanos.exe
2624	nesto.exe
3104	700K.exe
4860	USA.exe
1900	svhost.exe
4904	Amadey111111.exe
4804	nbveek.exe
2196	KoverV2_launch.exe
2264	KoverV2_launch.exe
1932	Lionli.exe
2924	Player3.exe
2292	cmd.exe
2348	nbveek.exe
4876	cmd.exe
3724	pb1111.exe
1600	nbveek.exe
3804	handdiy_1.exe
2908	ntlhost.exe
2332	random.exe
5004	random.exe
900	Process not Found
2956	Process not Found
3496	Process not Found
1512	Process not Found
2644	Process not Found
4900	Process not Found
4516	Process not Found

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/files/0x0006000000022e01-187.dat	vmprotect
behavioral2/memory/60-189-0x0000000000400000-0x0000000000920000-memory.dmp	vmprotect
behavioral2/memory/3724-304-0x0000000140000000-0x000000014061E000-memory.dmp	vmprotect

Checks computer location settings 2 TTPs 15 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	random.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	nbveek.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	nbveek.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	nbveek.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	Lionli.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	Player3.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	nbveek.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	KoverV2_launch.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	6779cd6f17fa7536c4490cc6d72a00a0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	legio.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	Process not Found

Loads dropped DLL 33 IoCs

pid	Process
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
2264	KoverV2_launch.exe
3952	rundll32.exe
3448	rundll32.exe
4220	cmd.exe
4144	rundll32.exe
3392	rundll32.exe
3428	rundll32.exe
2624	rundll32.exe
3772	rundll32.exe
3708	rundll32.exe
2644	rundll32.exe
4788	rundll32.exe
960	rundll32.exe
2780	rundll32.exe
4832	rundll32.exe
3756	rundll32.exe
836	rundll32.exe
4668	Process not Found
4216	Process not Found

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	lola.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	lola1.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe"	cmd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lola.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000003051\\lola.exe"	nbveek.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nesto1.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000005051\\nesto1.exe"	nbveek.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tanos.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000006051\\tanos.exe"	nbveek.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nesto.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000010051\\nesto.exe"	nbveek.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tanos1.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000017051\\tanos1.exe"	nbveek.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tanos.exe = "C:\\Users\\Admin\\1000079052\\tanos.exe"	nbveek.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nesto.exe = "C:\\Users\\Admin\\1000080052\\nesto.exe"	nbveek.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\ucrtbased.dll	Process not Found
File opened for modification	C:\Windows\System32\vcruntime140_1d.dll	Process not Found
File opened for modification	C:\Windows\System32\vcruntime140d.dll	Process not Found
File created	C:\Windows\System32\ucrtbased.dll	Process not Found
File created	C:\Windows\System32\vcruntime140_1d.dll	Process not Found
File created	C:\Windows\System32\vcruntime140d.dll	Process not Found

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2956 set thread context of 1956	2956	Process not Found	1988
PID 2644 set thread context of 4392	2644	Process not Found	1996

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js	chrome.exe
File opened for modification	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js	chrome.exe
File created	C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json	chrome.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\$sxr-powershell.exe	Process not Found
File opened for modification	C:\Windows\$sxr-powershell.exe	Process not Found

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x0006000000022e3e-263.dat	pyinstaller
behavioral2/files/0x0006000000022e3e-264.dat	pyinstaller
behavioral2/files/0x0006000000022e3e-267.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 11 IoCs

pid	pid_target	Process	procid_target
1232	4184	WerFault.exe	94
4472	4440	WerFault.exe	98
4244	2624	WerFault.exe	116
3372	3952	WerFault.exe
4172	4220	WerFault.exe	227
3792	3392	WerFault.exe	391
1400	2624	WerFault.exe	568
4748	4788	WerFault.exe	1019
3460	960	WerFault.exe	1020
4380	2780	WerFault.exe	1017
4960	4216	Process not Found	1410

Creates scheduled task(s) 1 TTPs 5 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
1784	schtasks.exe
4604	schtasks.exe
3132	schtasks.exe
552	Process not Found
2088	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	97	Go-http-client/1.1

Kills process with taskkill 1 IoCs

evasion

pid	Process
4200	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Local Settings	Process not Found

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1620	Process not Found

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	96	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	70	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2948	lola.exe
2948	lola.exe
368	lola1.exe
368	lola1.exe
3552	love1.exe
3552	love1.exe
4200	tanos.exe
4200	tanos.exe
2276	stown.exe
2276	stown.exe
3444	stown3.exe
3444	stown3.exe
4440	nesto.exe
4184	nesto1.exe
4184	nesto1.exe
4020	love.exe
4440	nesto.exe
60	stown1.exe
4668	cmd.exe
4020	love.exe
3580	tanos.exe
4668	cmd.exe
60	stown1.exe
4860	USA.exe
2624	nesto.exe
3104	700K.exe
3104	700K.exe
2624	nesto.exe
3580	tanos.exe
4860	USA.exe
2396	chrome.exe
2396	chrome.exe
4656	chrome.exe
4656	chrome.exe
628	chrome.exe
628	chrome.exe
1828	chrome.exe
1828	chrome.exe
4328	Process not Found
4328	Process not Found
552	Process not Found
552	Process not Found
3720	Process not Found
3720	Process not Found
3720	Process not Found
4464	Process not Found
4464	Process not Found
2956	Process not Found
2956	Process not Found
2956	Process not Found
3496	Process not Found
3496	Process not Found
3496	Process not Found
1384	Process not Found
1384	Process not Found
1384	Process not Found
2956	Process not Found
1384	Process not Found
1384	Process not Found
1956	Process not Found
1956	Process not Found
1956	Process not Found
1956	Process not Found
5072	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2948	lola.exe
Token: SeDebugPrivilege	368	lola1.exe
Token: SeDebugPrivilege	4184	nesto1.exe
Token: SeDebugPrivilege	4440	nesto.exe
Token: SeDebugPrivilege	3552	love1.exe
Token: SeDebugPrivilege	2276	stown.exe
Token: SeDebugPrivilege	4200	tanos.exe
Token: SeDebugPrivilege	3444	stown3.exe
Token: SeDebugPrivilege	60	stown1.exe
Token: SeDebugPrivilege	4020	love.exe
Token: SeDebugPrivilege	2624	nesto.exe
Token: SeDebugPrivilege	4668	cmd.exe
Token: SeDebugPrivilege	3580	tanos.exe
Token: SeDebugPrivilege	4860	USA.exe
Token: SeDebugPrivilege	3104	700K.exe
Token: SeCreateTokenPrivilege	3804	handdiy_1.exe
Token: SeAssignPrimaryTokenPrivilege	3804	handdiy_1.exe
Token: SeLockMemoryPrivilege	3804	handdiy_1.exe
Token: SeIncreaseQuotaPrivilege	3804	handdiy_1.exe
Token: SeMachineAccountPrivilege	3804	handdiy_1.exe
Token: SeTcbPrivilege	3804	handdiy_1.exe
Token: SeSecurityPrivilege	3804	handdiy_1.exe
Token: SeTakeOwnershipPrivilege	3804	handdiy_1.exe
Token: SeLoadDriverPrivilege	3804	handdiy_1.exe
Token: SeSystemProfilePrivilege	3804	handdiy_1.exe
Token: SeSystemtimePrivilege	3804	handdiy_1.exe
Token: SeProfSingleProcessPrivilege	3804	handdiy_1.exe
Token: SeIncBasePriorityPrivilege	3804	handdiy_1.exe
Token: SeCreatePagefilePrivilege	3804	handdiy_1.exe
Token: SeCreatePermanentPrivilege	3804	handdiy_1.exe
Token: SeBackupPrivilege	3804	handdiy_1.exe
Token: SeRestorePrivilege	3804	handdiy_1.exe
Token: SeShutdownPrivilege	3804	handdiy_1.exe
Token: SeDebugPrivilege	3804	handdiy_1.exe
Token: SeAuditPrivilege	3804	handdiy_1.exe
Token: SeSystemEnvironmentPrivilege	3804	handdiy_1.exe
Token: SeChangeNotifyPrivilege	3804	handdiy_1.exe
Token: SeRemoteShutdownPrivilege	3804	handdiy_1.exe
Token: SeUndockPrivilege	3804	handdiy_1.exe
Token: SeSyncAgentPrivilege	3804	handdiy_1.exe
Token: SeEnableDelegationPrivilege	3804	handdiy_1.exe
Token: SeManageVolumePrivilege	3804	handdiy_1.exe
Token: SeImpersonatePrivilege	3804	handdiy_1.exe
Token: SeCreateGlobalPrivilege	3804	handdiy_1.exe
Token: 31	3804	handdiy_1.exe
Token: 32	3804	handdiy_1.exe
Token: 33	3804	handdiy_1.exe
Token: 34	3804	handdiy_1.exe
Token: 35	3804	handdiy_1.exe
Token: SeDebugPrivilege	4200	taskkill.exe
Token: SeDebugPrivilege	3720	Process not Found
Token: SeDebugPrivilege	2956	Process not Found
Token: SeDebugPrivilege	3496	Process not Found
Token: SeDebugPrivilege	1384	Process not Found
Token: SeDebugPrivilege	2956	Process not Found
Token: SeDebugPrivilege	1956	Process not Found
Token: SeDebugPrivilege	5072	Process not Found
Token: SeDebugPrivilege	1512	Process not Found
Token: SeDebugPrivilege	2644	Process not Found
Token: SeDebugPrivilege	2964	Process not Found
Token: SeDebugPrivilege	2644	Process not Found
Token: SeDebugPrivilege	4392	Process not Found
Token: SeDebugPrivilege	4900	Process not Found
Token: SeDebugPrivilege	4516	Process not Found

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1972	2172	6779cd6f17fa7536c4490cc6d72a00a0.exe	81
PID 2172 wrote to memory of 1972	2172	6779cd6f17fa7536c4490cc6d72a00a0.exe	81
PID 2172 wrote to memory of 1972	2172	6779cd6f17fa7536c4490cc6d72a00a0.exe	81
PID 1972 wrote to memory of 2088	1972	nbveek.exe	82
PID 1972 wrote to memory of 2088	1972	nbveek.exe	82
PID 1972 wrote to memory of 2088	1972	nbveek.exe	82
PID 1972 wrote to memory of 2024	1972	nbveek.exe	84
PID 1972 wrote to memory of 2024	1972	nbveek.exe	84
PID 1972 wrote to memory of 2024	1972	nbveek.exe	84
PID 2024 wrote to memory of 2392	2024	cmd.exe	86
PID 2024 wrote to memory of 2392	2024	cmd.exe	86
PID 2024 wrote to memory of 2392	2024	cmd.exe	86
PID 2024 wrote to memory of 2292	2024	cmd.exe	87
PID 2024 wrote to memory of 2292	2024	cmd.exe	87
PID 2024 wrote to memory of 2292	2024	cmd.exe	87
PID 2024 wrote to memory of 832	2024	cmd.exe	88
PID 2024 wrote to memory of 832	2024	cmd.exe	88
PID 2024 wrote to memory of 832	2024	cmd.exe	88
PID 2024 wrote to memory of 1836	2024	cmd.exe	89
PID 2024 wrote to memory of 1836	2024	cmd.exe	89
PID 2024 wrote to memory of 1836	2024	cmd.exe	89
PID 2024 wrote to memory of 544	2024	cmd.exe	90
PID 2024 wrote to memory of 544	2024	cmd.exe	90
PID 2024 wrote to memory of 544	2024	cmd.exe	90
PID 2024 wrote to memory of 3452	2024	cmd.exe	91
PID 2024 wrote to memory of 3452	2024	cmd.exe	91
PID 2024 wrote to memory of 3452	2024	cmd.exe	91
PID 1972 wrote to memory of 2948	1972	nbveek.exe	92
PID 1972 wrote to memory of 2948	1972	nbveek.exe	92
PID 1972 wrote to memory of 368	1972	nbveek.exe	93
PID 1972 wrote to memory of 368	1972	nbveek.exe	93
PID 1972 wrote to memory of 4184	1972	nbveek.exe	94
PID 1972 wrote to memory of 4184	1972	nbveek.exe	94
PID 1972 wrote to memory of 4184	1972	nbveek.exe	94
PID 1972 wrote to memory of 4200	1972	nbveek.exe	95
PID 1972 wrote to memory of 4200	1972	nbveek.exe	95
PID 1972 wrote to memory of 4200	1972	nbveek.exe	95
PID 1972 wrote to memory of 3552	1972	nbveek.exe	96
PID 1972 wrote to memory of 3552	1972	nbveek.exe	96
PID 1972 wrote to memory of 3552	1972	nbveek.exe	96
PID 1972 wrote to memory of 2276	1972	nbveek.exe	97
PID 1972 wrote to memory of 2276	1972	nbveek.exe	97
PID 1972 wrote to memory of 2276	1972	nbveek.exe	97
PID 1972 wrote to memory of 4440	1972	nbveek.exe	98
PID 1972 wrote to memory of 4440	1972	nbveek.exe	98
PID 1972 wrote to memory of 4440	1972	nbveek.exe	98
PID 1972 wrote to memory of 3444	1972	nbveek.exe	99
PID 1972 wrote to memory of 3444	1972	nbveek.exe	99
PID 1972 wrote to memory of 3444	1972	nbveek.exe	99
PID 1972 wrote to memory of 60	1972	nbveek.exe	100
PID 1972 wrote to memory of 60	1972	nbveek.exe	100
PID 1972 wrote to memory of 60	1972	nbveek.exe	100
PID 1972 wrote to memory of 4020	1972	nbveek.exe	101
PID 1972 wrote to memory of 4020	1972	nbveek.exe	101
PID 1972 wrote to memory of 4020	1972	nbveek.exe	101
PID 1972 wrote to memory of 2928	1972	nbveek.exe	102
PID 1972 wrote to memory of 2928	1972	nbveek.exe	102
PID 1972 wrote to memory of 2928	1972	nbveek.exe	102
PID 2928 wrote to memory of 2472	2928	legio.exe	103
PID 2928 wrote to memory of 2472	2928	legio.exe	103
PID 2928 wrote to memory of 2472	2928	legio.exe	103
PID 2472 wrote to memory of 1784	2472	nbveek.exe	136
PID 2472 wrote to memory of 1784	2472	nbveek.exe	136
PID 2472 wrote to memory of 1784	2472	nbveek.exe	136

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\6779cd6f17fa7536c4490cc6d72a00a0.exe
"C:\Users\Admin\AppData\Local\Temp\6779cd6f17fa7536c4490cc6d72a00a0.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\4b9a106e76\nbveek.exe
  "C:\Users\Admin\AppData\Local\Temp\4b9a106e76\nbveek.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN nbveek.exe /TR "C:\Users\Admin\AppData\Local\Temp\4b9a106e76\nbveek.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:2088
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "nbveek.exe" /P "Admin:N"&&CACLS "nbveek.exe" /P "Admin:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "Admin:N"&&CACLS "..\4b9a106e76" /P "Admin:R" /E&&Exit
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:2392
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "nbveek.exe" /P "Admin:N"
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "nbveek.exe" /P "Admin:R" /E
      4⤵
      PID:832
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:1836
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\4b9a106e76" /P "Admin:N"
      4⤵
      PID:544
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\4b9a106e76" /P "Admin:R" /E
      4⤵
      PID:3452
- - C:\Users\Admin\AppData\Local\Temp\1000003051\lola.exe
    "C:\Users\Admin\AppData\Local\Temp\1000003051\lola.exe"
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\1000004001\lola1.exe
    "C:\Users\Admin\AppData\Local\Temp\1000004001\lola1.exe"
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:368
- - C:\Users\Admin\AppData\Local\Temp\1000005051\nesto1.exe
    "C:\Users\Admin\AppData\Local\Temp\1000005051\nesto1.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4184
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 1944
      4⤵
      Program crash
      PID:1232
- - C:\Users\Admin\AppData\Local\Temp\1000006051\tanos.exe
    "C:\Users\Admin\AppData\Local\Temp\1000006051\tanos.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4200
- - C:\Users\Admin\AppData\Roaming\1000007000\love1.exe
    "C:\Users\Admin\AppData\Roaming\1000007000\love1.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\1000009001\stown.exe
    "C:\Users\Admin\AppData\Local\Temp\1000009001\stown.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2276
- - C:\Users\Admin\AppData\Local\Temp\1000010051\nesto.exe
    "C:\Users\Admin\AppData\Local\Temp\1000010051\nesto.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4440
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 1856
      4⤵
      Program crash
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\1000011001\stown3.exe
    "C:\Users\Admin\AppData\Local\Temp\1000011001\stown3.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\1000012001\stown1.exe
    "C:\Users\Admin\AppData\Local\Temp\1000012001\stown1.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:60
- - C:\Users\Admin\AppData\Local\Temp\1000014001\love.exe
    "C:\Users\Admin\AppData\Local\Temp\1000014001\love.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\1000016001\legio.exe
    "C:\Users\Admin\AppData\Local\Temp\1000016001\legio.exe"
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\9e0894bcc4\nbveek.exe
      "C:\Users\Admin\AppData\Local\Temp\9e0894bcc4\nbveek.exe"
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN nbveek.exe /TR "C:\Users\Admin\AppData\Local\Temp\9e0894bcc4\nbveek.exe" /F
        5⤵
        Creates scheduled task(s)
        
        PID:1784
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "nbveek.exe" /P "Admin:N"&&CACLS "nbveek.exe" /P "Admin:R" /E&&echo Y|CACLS "..\9e0894bcc4" /P "Admin:N"&&CACLS "..\9e0894bcc4" /P "Admin:R" /E&&Exit
        5⤵
        
        PID:2420
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        6⤵
        
        PID:4576
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "nbveek.exe" /P "Admin:N"
        6⤵
        
        PID:4296
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "nbveek.exe" /P "Admin:R" /E
        6⤵
        
        PID:548
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        6⤵
        
        PID:4152
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\9e0894bcc4" /P "Admin:N"
        6⤵
        
        PID:4644
      - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\9e0894bcc4" /P "Admin:R" /E
        6⤵
        
        PID:1076
    - - C:\Users\Admin\1000079052\tanos.exe
        
        "C:\Users\Admin\1000079052\tanos.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3580
    - - C:\Users\Admin\1000080052\nesto.exe
        
        "C:\Users\Admin\1000080052\nesto.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 1696
        6⤵
        Program crash
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\1000085001\700K.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000085001\700K.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\1000087001\USA.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000087001\USA.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\1000096001\svhost.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000096001\svhost.exe"
        5⤵
        Executes dropped EXE
        
        PID:1900
      - C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
        
        C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
        6⤵
        Executes dropped EXE
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\1000107001\Amadey111111.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000107001\Amadey111111.exe"
        5⤵
        Executes dropped EXE
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\c1e3594748\nbveek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c1e3594748\nbveek.exe"
        6⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4804
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN nbveek.exe /TR "C:\Users\Admin\AppData\Local\Temp\c1e3594748\nbveek.exe" /F
        7⤵
        Creates scheduled task(s)
        
        PID:4604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "nbveek.exe" /P "Admin:N"&&CACLS "nbveek.exe" /P "Admin:R" /E&&echo Y|CACLS "..\c1e3594748" /P "Admin:N"&&CACLS "..\c1e3594748" /P "Admin:R" /E&&Exit
        7⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        8⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "nbveek.exe" /P "Admin:N"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "nbveek.exe" /P "Admin:R" /E
        8⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        8⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\c1e3594748" /P "Admin:N"
        8⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\c1e3594748" /P "Admin:R" /E
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\1000024001\KoverV2_launch.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000024001\KoverV2_launch.exe"
        7⤵
        Executes dropped EXE
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\1000024001\KoverV2_launch.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000024001\KoverV2_launch.exe"
        8⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        
        PID:2264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 890
        9⤵
        
        PID:5076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 58991
        9⤵
        
        PID:2192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 652607
        9⤵
        
        PID:3492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 199484
        9⤵
        
        PID:2232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 264917
        9⤵
        
        PID:3768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 337014
        9⤵
        
        PID:4688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 283826
        9⤵
        
        PID:4660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 352534
        9⤵
        
        PID:1836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 268444
        9⤵
        
        PID:1288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 410434
        9⤵
        
        PID:5004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 609320
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 682951
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 172027
        9⤵
        
        PID:3648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 522366
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 325176
        9⤵
        
        PID:4412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 564536
        9⤵
        
        PID:4640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 519194
        9⤵
        
        PID:732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 370232
        9⤵
        
        PID:4260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 37090
        9⤵
        
        PID:4496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 364260
        9⤵
        
        PID:684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 15364
        9⤵
        
        PID:676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 19349
        9⤵
        
        PID:4296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 378376
        9⤵
        
        PID:1552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 58650
        9⤵
        
        PID:2372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 276727
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 80680
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 95504
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 621852
        9⤵
        
        PID:2964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 7352
        9⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 16984
        9⤵
        
        PID:3376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 535407
        9⤵
        
        PID:3272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 303034
        9⤵
        
        PID:2788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 511949
        9⤵
        
        PID:776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 318030
        9⤵
        
        PID:4636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 23400
        9⤵
        
        PID:3836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 373247
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 298994
        9⤵
        
        PID:2144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 531372
        9⤵
        
        PID:4588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 595348
        9⤵
        
        PID:3568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 494006
        9⤵
        
        PID:4340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 17459
        9⤵
        
        PID:3168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 373589
        9⤵
        
        PID:4972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 519122
        9⤵
        
        PID:3552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 547011
        9⤵
        
        PID:4740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 476095
        9⤵
        
        PID:4744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 207458
        9⤵
        
        PID:4828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 93127
        9⤵
        
        PID:3880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 10962
        9⤵
        
        PID:5092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 43407
        9⤵
        
        PID:3612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 253092
        9⤵
        
        PID:4080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 229457
        9⤵
        
        PID:4484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 115480
        9⤵
        
        PID:5060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 347013
        9⤵
        
        PID:644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 246867
        9⤵
        
        PID:1828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 630370
        9⤵
        
        PID:4152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 393812
        9⤵
        
        PID:4784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 568560
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 624486
        9⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 141685
        9⤵
        
        PID:2692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 135811
        9⤵
        
        PID:2800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 576962
        9⤵
        
        PID:3720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 96882
        9⤵
        
        PID:3080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 395770
        9⤵
        
        PID:2024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 198050
        9⤵
        
        PID:2896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 433821
        9⤵
        
        PID:5104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 73268
        9⤵
        
        PID:3748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 81694
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 635845
        9⤵
        
        PID:3648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 640997
        9⤵
        
        PID:4676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 621726
        9⤵
        
        PID:3536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 353988
        9⤵
        
        PID:1200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 96053
        9⤵
        
        PID:60
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 422310
        9⤵
        
        PID:4640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 556440
        9⤵
        
        PID:740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 148434
        9⤵
        
        PID:732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 261306
        9⤵
        
        PID:3228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 35690
        9⤵
        
        PID:4352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 477005
        9⤵
        
        PID:3360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 510890
        9⤵
        
        PID:1308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 8819
        9⤵
        
        PID:536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 158163
        9⤵
        
        PID:3400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 163387
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 648278
        9⤵
        
        PID:4240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 174014
        9⤵
        
        PID:1892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 533613
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 597503
        9⤵
        
        PID:1848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 648531
        9⤵
        
        PID:760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 263473
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 43428
        9⤵
        
        PID:3120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 361207
        9⤵
        
        PID:4692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 160710
        9⤵
        
        PID:1160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 116393
        9⤵
        
        PID:4304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 148736
        9⤵
        
        PID:1492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 674026
        9⤵
        
        PID:2788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 265590
        9⤵
        
        PID:4056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 546219
        9⤵
        
        PID:3092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 347770
        9⤵
        
        PID:3836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 359093
        9⤵
        
        PID:4016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 106402
        9⤵
        
        PID:2236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 96478
        9⤵
        
        PID:2164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 415272
        9⤵
        
        PID:2588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 440235
        9⤵
        
        PID:764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 553947
        9⤵
        
        PID:4160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 472200
        9⤵
        
        PID:4564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 81277
        9⤵
        
        PID:4272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 206739
        9⤵
        
        PID:4828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 442871
        9⤵
        
        PID:4384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 375004
        9⤵
        
        PID:5000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 443192
        9⤵
        
        PID:1704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 531713
        9⤵
        
        PID:5028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 399205
        9⤵
        
        PID:1832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 103670
        9⤵
        
        PID:3140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 235676
        9⤵
        
        PID:224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 352975
        9⤵
        
        PID:4996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 185358
        9⤵
        
        PID:4924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 352090
        9⤵
        
        PID:2104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 223149
        9⤵
        
        PID:5040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 214328
        9⤵
        
        PID:4612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 331397
        9⤵
        
        PID:1632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 626274
        9⤵
        Checks computer location settings
        
        PID:4904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 577124
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 121131
        9⤵
        
        PID:4372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 171467
        9⤵
        
        PID:2268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 405012
        9⤵
        
        PID:1856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 591123
        9⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 401396
        9⤵
        
        PID:2252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 99988
        9⤵
        
        PID:560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 182110
        9⤵
        
        PID:2248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 292928
        9⤵
        
        PID:5036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 433636
        9⤵
        
        PID:1836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 158440
        9⤵
        
        PID:3768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 127132
        9⤵
        
        PID:3352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 373627
        9⤵
        
        PID:2620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 323681
        9⤵
        
        PID:1800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 526861
        9⤵
        
        PID:1900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 64722
        9⤵
        
        PID:3080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 316334
        9⤵
        
        PID:2292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 266033
        9⤵
        
        PID:1608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 485638
        9⤵
        
        PID:1644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 108666
        9⤵
        
        PID:3792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 663321
        9⤵
        
        PID:552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 616978
        9⤵
        
        PID:2608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 96401
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 616030
        9⤵
        
        PID:3004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 44260
        9⤵
        
        PID:4676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 319242
        9⤵
        
        PID:4956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 42585
        9⤵
        
        PID:60
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 346736
        9⤵
        
        PID:4640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 296476
        9⤵
        
        PID:740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 584395
        9⤵
        
        PID:732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 8962
        9⤵
        
        PID:3228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 73849
        9⤵
        
        PID:4352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 502875
        9⤵
        
        PID:3360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 378188
        9⤵
        
        PID:1308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 189349
        9⤵
        
        PID:3156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 71991
        9⤵
        
        PID:3712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 620291
        9⤵
        
        PID:4296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 162939
        9⤵
        
        PID:4208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 464521
        9⤵
        
        PID:4700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 443973
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 213570
        9⤵
        
        PID:2372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 583150
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 504338
        9⤵
        
        PID:4536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 325592
        9⤵
        
        PID:3136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 521352
        9⤵
        
        PID:3644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 403979
        9⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 622035
        9⤵
        
        PID:3376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 495766
        9⤵
        
        PID:3976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 395072
        9⤵
        
        PID:2280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 431021
        9⤵
        
        PID:4056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 377918
        9⤵
        
        PID:4016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 280406
        9⤵
        
        PID:3836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 362303
        9⤵
        
        PID:3092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 264433
        9⤵
        
        PID:2236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 244845
        9⤵
        
        PID:2164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 647579
        9⤵
        
        PID:3168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 73714
        9⤵
        
        PID:872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 691449
        9⤵
        
        PID:2956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 306224
        9⤵
        
        PID:4272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 468646
        9⤵
        
        PID:980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 523886
        9⤵
        
        PID:5092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 587171
        9⤵
        
        PID:4284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 46421
        9⤵
        
        PID:1012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 236036
        9⤵
        
        PID:1832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 540807
        9⤵
        
        PID:3140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 428750
        9⤵
        
        PID:224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 366411
        9⤵
        
        PID:4824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 551035
        9⤵
        
        PID:4404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 461245
        9⤵
        
        PID:2104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 129379
        9⤵
        
        PID:1292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 327512
        9⤵
        
        PID:5040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 148354
        9⤵
        
        PID:4740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 144644
        9⤵
        
        PID:4004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 109993
        9⤵
        
        PID:1632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 414018
        9⤵
        
        PID:996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 234861
        9⤵
        Blocklisted process makes network request
        Executes dropped EXE
        
        PID:4876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 485965
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 58997
        9⤵
        
        PID:2192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 32369
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 457889
        9⤵
        
        PID:2644
        
        C:\Windows\system32\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\cred64.dll, Main
        10⤵
        Loads dropped DLL
        
        PID:2780
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2780 -s 680
        11⤵
        Program crash
        
        PID:4380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 473331
        9⤵
        
        PID:4328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 344428
        9⤵
        
        PID:880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 363905
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 551404
        9⤵
        
        PID:4688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 184025
        9⤵
        
        PID:2248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 425021
        9⤵
        
        PID:3608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 14911
        9⤵
        
        PID:2692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 440749
        9⤵
        
        PID:2800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 543256
        9⤵
        
        PID:2620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 602582
        9⤵
        Adds Run key to start application
        
        PID:1900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 565655
        9⤵
        
        PID:3224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 32373
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 80528
        9⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 123367
        9⤵
        
        PID:5056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 209334
        9⤵
        
        PID:1984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 194630
        9⤵
        
        PID:1644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 296730
        9⤵
        Loads dropped DLL
        
        PID:4220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 564240
        9⤵
        
        PID:3772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 225145
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 224749
        9⤵
        
        PID:3536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 468770
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 25288
        9⤵
        
        PID:1620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 126893
        9⤵
        
        PID:336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 88324
        9⤵
        
        PID:4532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 454578
        9⤵
        
        PID:4756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 205504
        9⤵
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 634405
        9⤵
        
        PID:4132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 520828
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 587235
        9⤵
        
        PID:3400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 89905
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 328977
        9⤵
        
        PID:4240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 642221
        9⤵
        
        PID:4296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 643475
        9⤵
        
        PID:5020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 328234
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 261302
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 313932
        9⤵
        
        PID:4048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 442614
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 578413
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 316470
        9⤵
        
        PID:544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 309538
        9⤵
        
        PID:3964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 388444
        9⤵
        
        PID:1008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 691716
        9⤵
        
        PID:2244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 602198
        9⤵
        
        PID:3468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 233486
        9⤵
        
        PID:4348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 547537
        9⤵
        
        PID:4196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 419907
        9⤵
        
        PID:4340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 624742
        9⤵
        
        PID:764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 309877
        9⤵
        
        PID:4160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 186851
        9⤵
        
        PID:4596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 160438
        9⤵
        
        PID:4512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 593056
        9⤵
        
        PID:980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 474355
        9⤵
        
        PID:5092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 34064
        9⤵
        
        PID:4284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 607785
        9⤵
        
        PID:1012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 117614
        9⤵
        
        PID:1832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 68135
        9⤵
        
        PID:3140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 248717
        9⤵
        
        PID:224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 600710
        9⤵
        
        PID:4824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 96118
        9⤵
        
        PID:4404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 233207
        9⤵
        
        PID:2124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 235737
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 486683
        9⤵
        
        PID:2412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 306746
        9⤵
        
        PID:996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 585716
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 30476
        9⤵
        
        PID:2252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 39587
        9⤵
        
        PID:2528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 438492
        9⤵
        
        PID:3608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 643551
        9⤵
        
        PID:3720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 13051
        9⤵
        
        PID:4204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 646330
        9⤵
        
        PID:4908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 153569
        9⤵
        
        PID:3572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 357170
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 567881
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 573402
        9⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 221529
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 213870
        9⤵
        
        PID:4956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 618904
        9⤵
        
        PID:4604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 512071
        9⤵
        
        PID:4260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 221209
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 206863
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 82180
        9⤵
        
        PID:1892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 518493
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 455699
        9⤵
        
        PID:2372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo 84783
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title 62232
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls && title svchost.exe
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20898
        9⤵
        
        PID:1608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19102
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10089
        9⤵
        
        PID:732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11220
        9⤵
        
        PID:4260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25154
        9⤵
        
        PID:4132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22643
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18003
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28578
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26996
        9⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18282
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28833
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27126
        9⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11545
        9⤵
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17622
        9⤵
        
        PID:1400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25955
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27164
        9⤵
        
        PID:4216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28694
        9⤵
        
        PID:4312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23328
        9⤵
        
        PID:4220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10496
        9⤵
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12546
        9⤵
        
        PID:4496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29958
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12110
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24072
        9⤵
        
        PID:4048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29573
        9⤵
        
        PID:1160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10421
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25121
        9⤵
        
        PID:1632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10210
        9⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23960
        9⤵
        
        PID:4584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16733
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12357
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20653
        9⤵
        
        PID:632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24617
        9⤵
        
        PID:1644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17505
        9⤵
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19649
        9⤵
        
        PID:732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 21996
        9⤵
        
        PID:3792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14454
        9⤵
        
        PID:1236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28104
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11688
        9⤵
        
        PID:4048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17133
        9⤵
        
        PID:1160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 21548
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17438
        9⤵
        
        PID:3772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14269
        9⤵
        
        PID:4572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26530
        9⤵
        
        PID:2608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12820
        9⤵
        
        PID:3572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15298
        9⤵
        
        PID:4312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16967
        9⤵
        
        PID:4956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16548
        9⤵
        
        PID:4604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24574
        9⤵
        
        PID:4496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12892
        9⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10846
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20733
        9⤵
        
        PID:4336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28328
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25248
        9⤵
        
        PID:892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20574
        9⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24390
        9⤵
        
        PID:1956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13708
        9⤵
        
        PID:4532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17983
        9⤵
        
        PID:3460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29322
        9⤵
        
        PID:4376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27254
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13283
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11148
        9⤵
        
        PID:4520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22072
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23576
        9⤵
        
        PID:892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27646
        9⤵
        
        PID:1608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17718
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11736
        9⤵
        
        PID:880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16339
        9⤵
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17814
        9⤵
        
        PID:4240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27436
        9⤵
        
        PID:1624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29928
        9⤵
        
        PID:628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17718
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19343
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26143
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17968
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25304
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11200
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16728
        9⤵
        
        PID:3392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18578
        9⤵
        
        PID:2272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13218
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17362
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17773
        9⤵
        
        PID:4376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18038
        9⤵
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22154
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24586
        9⤵
        
        PID:4520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28637
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13408
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22885
        9⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19707
        9⤵
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11911
        9⤵
        
        PID:632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25000
        9⤵
        
        PID:684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11700
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23353
        9⤵
        
        PID:628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12535
        9⤵
        
        PID:1160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25075
        9⤵
        
        PID:4336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27272
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12856
        9⤵
        
        PID:1400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28526
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17870
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27789
        9⤵
        
        PID:4716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12147
        9⤵
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19934
        9⤵
        
        PID:632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18238
        9⤵
        
        PID:1768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26760
        9⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17531
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29629
        9⤵
        
        PID:232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17462
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18264
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16527
        9⤵
        
        PID:4216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 21632
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18675
        9⤵
        
        PID:2608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14394
        9⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20967
        9⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15620
        9⤵
        
        PID:1788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19806
        9⤵
        
        PID:4380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25760
        9⤵
        
        PID:4536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13989
        9⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24685
        9⤵
        
        PID:4316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20360
        9⤵
        
        PID:4060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26041
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14541
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15061
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28206
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19707
        9⤵
        
        PID:3392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25122
        9⤵
        
        PID:1956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14723
        9⤵
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11785
        9⤵
        
        PID:632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22789
        9⤵
        
        PID:1768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24819
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26593
        9⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10709
        9⤵
        
        PID:4136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24426
        9⤵
        
        PID:4328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10022
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17375
        9⤵
        
        PID:1400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29854
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17198
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13389
        9⤵
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19515
        9⤵
        
        PID:4312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13729
        9⤵
        
        PID:4544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18623
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28770
        9⤵
        
        PID:4760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16168
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17529
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 21751
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16757
        9⤵
        
        PID:4216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28200
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14011
        9⤵
        
        PID:2608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23906
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15500
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11694
        9⤵
        
        PID:880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16562
        9⤵
        
        PID:684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15375
        9⤵
        
        PID:3460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29686
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11264
        9⤵
        
        PID:2460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22230
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10639
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27493
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29916
        9⤵
        
        PID:2780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22148
        9⤵
        
        PID:1892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27356
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20489
        9⤵
        
        PID:1644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23468
        9⤵
        
        PID:1956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11207
        9⤵
        
        PID:3792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14551
        9⤵
        
        PID:836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19459
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14962
        9⤵
        
        PID:628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12771
        9⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11905
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19172
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25921
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18751
        9⤵
        
        PID:1076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20934
        9⤵
        
        PID:4832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28467
        9⤵
        
        PID:5036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25650
        9⤵
        
        PID:2272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11951
        9⤵
        
        PID:4464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22785
        9⤵
        
        PID:1800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24044
        9⤵
        
        PID:1768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14647
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12942
        9⤵
        
        PID:628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14522
        9⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17605
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18512
        9⤵
        
        PID:4908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20947
        9⤵
        
        PID:960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25942
        9⤵
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25650
        9⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16313
        9⤵
        
        PID:1608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23620
        9⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15475
        9⤵
        
        PID:3160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27167
        9⤵
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23073
        9⤵
        
        PID:684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18865
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18248
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12990
        9⤵
        
        PID:2460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12398
        9⤵
        
        PID:4136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20174
        9⤵
        
        PID:644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11066
        9⤵
        
        PID:3488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15042
        9⤵
        
        PID:2780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28303
        9⤵
        
        PID:1892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28723
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12698
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28496
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23980
        9⤵
        
        PID:4572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12093
        9⤵
        
        PID:1800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16158
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20291
        9⤵
        
        PID:1496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29988
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16161
        9⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24869
        9⤵
        
        PID:644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22566
        9⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29409
        9⤵
        
        PID:1400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10601
        9⤵
        
        PID:4388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17339
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24330
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19716
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14989
        9⤵
        
        PID:880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23090
        9⤵
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20985
        9⤵
        
        PID:4112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18657
        9⤵
        
        PID:4220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13992
        9⤵
        
        PID:2460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13757
        9⤵
        
        PID:4520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25450
        9⤵
        
        PID:4328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17519
        9⤵
        
        PID:960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25342
        9⤵
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11664
        9⤵
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14260
        9⤵
        
        PID:548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25001
        9⤵
        
        PID:4716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13321
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14185
        9⤵
        
        PID:4572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10163
        9⤵
        
        PID:1768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28422
        9⤵
        
        PID:4376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28591
        9⤵
        
        PID:2964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27954
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 21361
        9⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22286
        9⤵
        
        PID:644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25146
        9⤵
        
        PID:4216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 21139
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20487
        9⤵
        
        PID:1892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19067
        9⤵
        
        PID:1608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17120
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18395
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11255
        9⤵
        
        PID:3460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17605
        9⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23623
        9⤵
        
        PID:1020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28581
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18580
        9⤵
        
        PID:2204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29348
        9⤵
        
        PID:2412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20131
        9⤵
        
        PID:3864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20656
        9⤵
        
        PID:1828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20617
        9⤵
        
        PID:2780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19108
        9⤵
        
        PID:4388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11821
        9⤵
        
        PID:2512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29604
        9⤵
        
        PID:1956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27301
        9⤵
        
        PID:1784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18797
        9⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26568
        9⤵
        
        PID:3460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27192
        9⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 21375
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29998
        9⤵
        
        PID:232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13212
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10470
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22509
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10671
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27657
        9⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12394
        9⤵
        
        PID:2412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29493
        9⤵
        
        PID:4572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10079
        9⤵
        
        PID:1956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12896
        9⤵
        
        PID:1400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15704
        9⤵
        
        PID:1788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26114
        9⤵
        
        PID:4112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22524
        9⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27936
        9⤵
        
        PID:1632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29288
        9⤵
        
        PID:1828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 28565
        9⤵
        
        PID:4316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14501
        9⤵
        
        PID:960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 16633
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15011
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19895
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15420
        9⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12237
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 10770
        9⤵
        
        PID:4464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 17203
        9⤵
        
        PID:780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26327
        9⤵
        
        PID:4020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15771
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18496
        9⤵
        
        PID:4216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 13461
        9⤵
        
        PID:4376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 15490
        9⤵
        
        PID:2608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 11657
        9⤵
        
        PID:4932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25154
        9⤵
        
        PID:4356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 19123
        9⤵
        
        PID:2232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14658
        9⤵
        
        PID:1956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 23065
        9⤵
        
        PID:2964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 20136
        9⤵
        
        PID:628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:1020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 27301
        9⤵
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22691
        9⤵
        
        PID:1892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 29181
        9⤵
        
        PID:4788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:5008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 14086
        9⤵
        
        PID:1780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:2032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 22763
        9⤵
        
        PID:1828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26162
        9⤵
        
        PID:4316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 26726
        9⤵
        
        PID:4328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 24595
        9⤵
        
        PID:3220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 12315
        9⤵
        
        PID:644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:3504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18964
        9⤵
        
        PID:2916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 25206
        9⤵
        
        PID:892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        9⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo Stub Generating... 18204
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\1000025001\Lionli.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000025001\Lionli.exe"
        7⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Player3.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Player3.exe"
        8⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe"
        9⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2348
        
        C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN nbveek.exe /TR "C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe" /F
        10⤵
        Creates scheduled task(s)
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "nbveek.exe" /P "Admin:N"&&CACLS "nbveek.exe" /P "Admin:R" /E&&echo Y|CACLS "..\16de06bfb4" /P "Admin:N"&&CACLS "..\16de06bfb4" /P "Admin:R" /E&&Exit
        10⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "nbveek.exe" /P "Admin:N"
        11⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "nbveek.exe" /P "Admin:R" /E
        11⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        11⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\16de06bfb4" /P "Admin:N"
        11⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        11⤵
        
        PID:336
        
        C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\16de06bfb4" /P "Admin:R" /E
        11⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\1000040001\pb1111.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000040001\pb1111.exe"
        10⤵
        Executes dropped EXE
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\1000042001\handdiy_1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000042001\handdiy_1.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c taskkill /f /im chrome.exe
        11⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im chrome.exe
        12⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4200
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        11⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4656
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafbfb4f50,0x7ffafbfb4f60,0x7ffafbfb4f70
        12⤵
        
        PID:4124
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1668 /prefetch:2
        12⤵
        
        PID:1232
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1960 /prefetch:8
        12⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2396
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:8
        12⤵
        
        PID:4756
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
        12⤵
        
        PID:3976
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
        12⤵
        
        PID:1492
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
        12⤵
        
        PID:4196
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
        12⤵
        
        PID:2276
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4596 /prefetch:8
        12⤵
        
        PID:4788
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4760 /prefetch:8
        12⤵
        
        PID:4716
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4904 /prefetch:8
        12⤵
        Drops file in Program Files directory
        
        PID:3804
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
        12⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:628
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5800 /prefetch:8
        12⤵
        
        PID:2512
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8
        12⤵
        
        PID:4468
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
        12⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1828
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5236 /prefetch:8
        12⤵
        
        PID:2416
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5308 /prefetch:8
        12⤵
        
        PID:900
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,6906574699496025833,8055803556594156244,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
        12⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\1000043001\random.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000043001\random.exe"
        10⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\1000043001\random.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000043001\random.exe" -h
        11⤵
        Executes dropped EXE
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\jfwang.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jfwang.exe"
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\jfwang.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jfwang.exe" -h
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\cred64.dll, Main
        7⤵
        Loads dropped DLL
        
        PID:3772
        
        C:\Windows\system32\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\cred64.dll, Main
        8⤵
        Loads dropped DLL
        
        PID:960
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 960 -s 680
        9⤵
        Program crash
        
        PID:3460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\cred64.dll, Main
        7⤵
        Loads dropped DLL
        
        PID:3708
        
        C:\Windows\system32\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\cred64.dll, Main
        8⤵
        Loads dropped DLL
        
        PID:4788
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4788 -s 680
        9⤵
        Program crash
        
        PID:4748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\cred64.dll, Main
        7⤵
        Loads dropped DLL
        
        PID:2644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\clip64.dll, Main
        7⤵
        Loads dropped DLL
        
        PID:4832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\clip64.dll, Main
        7⤵
        Loads dropped DLL
        
        PID:3756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\55b408a629a8dd\clip64.dll, Main
        7⤵
        Loads dropped DLL
        
        PID:836
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
        5⤵
        Loads dropped DLL
        
        PID:3428
      - C:\Windows\system32\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
        6⤵
        Loads dropped DLL
        
        PID:2624
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 2624 -s 688
        7⤵
        Program crash
        
        PID:1400
- - C:\Users\Admin\AppData\Local\Temp\1000017051\tanos1.exe
    "C:\Users\Admin\AppData\Local\Temp\1000017051\tanos1.exe"
    3⤵
    - Executes dropped EXE
    PID:4668
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
    3⤵
    - Loads dropped DLL
    PID:3448
  - - C:\Windows\system32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
      4⤵
      PID:4220
    - - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 4220 -s 680
        5⤵
        Program crash
        
        PID:4172
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
    3⤵
    - Loads dropped DLL
    PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4184 -ip 4184
1⤵
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4440 -ip 4440
1⤵
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2624 -ip 2624
1⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\c1e3594748\nbveek.exe
C:\Users\Admin\AppData\Local\Temp\c1e3594748\nbveek.exe
1⤵
- Executes dropped EXE
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 600
1⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3952 -ip 3952
1⤵
PID:1856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
1⤵
- Loads dropped DLL
PID:3952

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
1⤵
- Process spawned unexpected child process
PID:3332

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 4220 -ip 4220
1⤵
PID:3452

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:4972

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
1⤵
- Process spawned unexpected child process
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
  2⤵
  - Loads dropped DLL
  PID:3392
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 600
    3⤵
    - Program crash
    PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3392 -ip 3392
1⤵
PID:4832

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
PID:2268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
1⤵
PID:4512

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 2624 -ip 2624
1⤵
PID:3504

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 4788 -ip 4788
1⤵
PID:2128

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 552 -p 2780 -ip 2780
1⤵
PID:3160

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 960 -ip 960
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\1000079052\tanos.exe

Filesize
175KB

MD5
1d71ce85fb4517119a51fc33910f1975

SHA1
de346e455b4435dc9b9b8dbc506bd5f2b3e84052

SHA256
f3bba4b243aafa14e55ebea622e10b30591d46538f9bd88f7360f45f7b2f4bf2

SHA512
77e5ebd54456473001116641a9a663c2a75087d096e2d1d3c0a6a93b06c1a15a45dd1731339cd7a2746acedfc87137c95ffc9812e6bd82030b43398d817bd673

Download Submit
C:\Users\Admin\1000079052\tanos.exe

Filesize
175KB

MD5
1d71ce85fb4517119a51fc33910f1975

SHA1
de346e455b4435dc9b9b8dbc506bd5f2b3e84052

SHA256
f3bba4b243aafa14e55ebea622e10b30591d46538f9bd88f7360f45f7b2f4bf2

SHA512
77e5ebd54456473001116641a9a663c2a75087d096e2d1d3c0a6a93b06c1a15a45dd1731339cd7a2746acedfc87137c95ffc9812e6bd82030b43398d817bd673

Download Submit
C:\Users\Admin\1000080052\nesto.exe

Filesize
305KB

MD5
62b6ba3a950d169ed0038456b5fe5dd8

SHA1
fcb8da53ef466f246618a632c976115174eef98f

SHA256
b1b3135edb99cf981f38262f62a7bffcd60a22230cc1c5c0ff34e64389160423

SHA512
708618727e7b01f090f2f62baa10ac074dd04497ff02cb2fa09aa974fa2223e4e947bd17e86b16627c03a159772ad7936c4034d35f4ff65f2128c714f7e11943

Download Submit
C:\Users\Admin\1000080052\nesto.exe

Filesize
305KB

MD5
62b6ba3a950d169ed0038456b5fe5dd8

SHA1
fcb8da53ef466f246618a632c976115174eef98f

SHA256
b1b3135edb99cf981f38262f62a7bffcd60a22230cc1c5c0ff34e64389160423

SHA512
708618727e7b01f090f2f62baa10ac074dd04497ff02cb2fa09aa974fa2223e4e947bd17e86b16627c03a159772ad7936c4034d35f4ff65f2128c714f7e11943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\nesto.exe.log

Filesize
2KB

MD5
6280633c9acfd9ed67906bada1d0b408

SHA1
1183fe166d8a5d047137373857e8c41980548608

SHA256
3d41d4ebf421ffe0784df18be73d2b0509f71f71c1e77aae8f42c0ebacae1c1c

SHA512
7eb02593a335e2be440d07109e37e6714974e3b54f48ee4865d923f3bc08d0bac3492151c11086c8e2e0823f3fa68fb74818c964a3ba5c3289416977a9ee0980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tanos.exe.log

Filesize
2KB

MD5
c89455577734b863a447e44a57dd60ea

SHA1
82530ad7e337b4c866beb8e9f1d0e2e0011ed8bc

SHA256
bfa39bf8f525794b4bd761834f5e475752a899f7d707932ec4561d656dcbdd70

SHA512
bdc2adacc8c447129bd5ad9d4e3cd965ad7e1fd1d7ed6d1e4d92159761c6e1e83a5b30226002dedbacfcd0ccca48d49a1be895c6b2ce73dadf0d89118be72de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO3L93KT\nesto[1].exe

Filesize
305KB

MD5
62b6ba3a950d169ed0038456b5fe5dd8

SHA1
fcb8da53ef466f246618a632c976115174eef98f

SHA256
b1b3135edb99cf981f38262f62a7bffcd60a22230cc1c5c0ff34e64389160423

SHA512
708618727e7b01f090f2f62baa10ac074dd04497ff02cb2fa09aa974fa2223e4e947bd17e86b16627c03a159772ad7936c4034d35f4ff65f2128c714f7e11943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S06R0H76\tanos[1].exe

Filesize
175KB

MD5
1d71ce85fb4517119a51fc33910f1975

SHA1
de346e455b4435dc9b9b8dbc506bd5f2b3e84052

SHA256
f3bba4b243aafa14e55ebea622e10b30591d46538f9bd88f7360f45f7b2f4bf2

SHA512
77e5ebd54456473001116641a9a663c2a75087d096e2d1d3c0a6a93b06c1a15a45dd1731339cd7a2746acedfc87137c95ffc9812e6bd82030b43398d817bd673

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000003051\lola.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000003051\lola.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000004001\lola1.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000004001\lola1.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000005051\nesto1.exe

Filesize
305KB

MD5
62b6ba3a950d169ed0038456b5fe5dd8

SHA1
fcb8da53ef466f246618a632c976115174eef98f

SHA256
b1b3135edb99cf981f38262f62a7bffcd60a22230cc1c5c0ff34e64389160423

SHA512
708618727e7b01f090f2f62baa10ac074dd04497ff02cb2fa09aa974fa2223e4e947bd17e86b16627c03a159772ad7936c4034d35f4ff65f2128c714f7e11943

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000005051\nesto1.exe

Filesize
305KB

MD5
62b6ba3a950d169ed0038456b5fe5dd8

SHA1
fcb8da53ef466f246618a632c976115174eef98f

SHA256
b1b3135edb99cf981f38262f62a7bffcd60a22230cc1c5c0ff34e64389160423

SHA512
708618727e7b01f090f2f62baa10ac074dd04497ff02cb2fa09aa974fa2223e4e947bd17e86b16627c03a159772ad7936c4034d35f4ff65f2128c714f7e11943

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000006051\tanos.exe

Filesize
175KB

MD5
1d71ce85fb4517119a51fc33910f1975

SHA1
de346e455b4435dc9b9b8dbc506bd5f2b3e84052

SHA256
f3bba4b243aafa14e55ebea622e10b30591d46538f9bd88f7360f45f7b2f4bf2

SHA512
77e5ebd54456473001116641a9a663c2a75087d096e2d1d3c0a6a93b06c1a15a45dd1731339cd7a2746acedfc87137c95ffc9812e6bd82030b43398d817bd673

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000006051\tanos.exe

Filesize
175KB

MD5
1d71ce85fb4517119a51fc33910f1975

SHA1
de346e455b4435dc9b9b8dbc506bd5f2b3e84052

SHA256
f3bba4b243aafa14e55ebea622e10b30591d46538f9bd88f7360f45f7b2f4bf2

SHA512
77e5ebd54456473001116641a9a663c2a75087d096e2d1d3c0a6a93b06c1a15a45dd1731339cd7a2746acedfc87137c95ffc9812e6bd82030b43398d817bd673

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000009001\stown.exe

Filesize
175KB

MD5
380c7f5b9f380e12d091c0f3a45b7499

SHA1
b4c56c293ef9cba73b0451457a3e6689e9981e10

SHA256
f2c8e305017b517b148ab331202abb26fe518779f2630926ceaf48ccf7c4d795

SHA512
d962e284d546730f60f3f2d3b94a4654cd0ad6b7ba7edc08b5f8f4a3c5f6b183dc64c713484a83c905d3209e1ee1468ff3e19d2fbc021bee8d30e90a2f7bfce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000009001\stown.exe

Filesize
175KB

MD5
380c7f5b9f380e12d091c0f3a45b7499

SHA1
b4c56c293ef9cba73b0451457a3e6689e9981e10

SHA256
f2c8e305017b517b148ab331202abb26fe518779f2630926ceaf48ccf7c4d795

SHA512
d962e284d546730f60f3f2d3b94a4654cd0ad6b7ba7edc08b5f8f4a3c5f6b183dc64c713484a83c905d3209e1ee1468ff3e19d2fbc021bee8d30e90a2f7bfce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000010051\nesto.exe

Filesize
305KB

MD5
62b6ba3a950d169ed0038456b5fe5dd8

SHA1
fcb8da53ef466f246618a632c976115174eef98f

SHA256
b1b3135edb99cf981f38262f62a7bffcd60a22230cc1c5c0ff34e64389160423

SHA512
708618727e7b01f090f2f62baa10ac074dd04497ff02cb2fa09aa974fa2223e4e947bd17e86b16627c03a159772ad7936c4034d35f4ff65f2128c714f7e11943

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000010051\nesto.exe

Filesize
305KB

MD5
62b6ba3a950d169ed0038456b5fe5dd8

SHA1
fcb8da53ef466f246618a632c976115174eef98f

SHA256
b1b3135edb99cf981f38262f62a7bffcd60a22230cc1c5c0ff34e64389160423

SHA512
708618727e7b01f090f2f62baa10ac074dd04497ff02cb2fa09aa974fa2223e4e947bd17e86b16627c03a159772ad7936c4034d35f4ff65f2128c714f7e11943

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000011001\stown3.exe

Filesize
175KB

MD5
97956e63f5d77b8ddcbed50c7765b4cd

SHA1
8ee827295bc46f51acf4c3e6472cb86b71ddb9c7

SHA256
22363b9b60f638b72c1f6b12d9ee1d8046fc208247fbde7ab7ac144bf489e415

SHA512
6683249d040803e1d0b21c3e8b097081a38aa16ab05343657f6164e4ed45ace28d328f3055e15c95881b3a39899f0e27e886dedfdae2bec505f00b3c9bc6719c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000011001\stown3.exe

Filesize
175KB

MD5
97956e63f5d77b8ddcbed50c7765b4cd

SHA1
8ee827295bc46f51acf4c3e6472cb86b71ddb9c7

SHA256
22363b9b60f638b72c1f6b12d9ee1d8046fc208247fbde7ab7ac144bf489e415

SHA512
6683249d040803e1d0b21c3e8b097081a38aa16ab05343657f6164e4ed45ace28d328f3055e15c95881b3a39899f0e27e886dedfdae2bec505f00b3c9bc6719c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000012001\stown1.exe

Filesize
3.4MB

MD5
b00fe17fccad1c5f877029217da5c175

SHA1
344bf3f57c4742d789df1df6c0f89a8bfef93a1a

SHA256
960adba1385780365bed7eded36309aba3f0fa281f304900abd1e381a3f78fbe

SHA512
fe536d67ab141e735912ab6fd2e5bc02cefd003b1144fcffd8a277573d96e13bae672857044dcd6902178408a0f0abae081aa02b7c851b5de2c61daea02f2f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000014001\love.exe

Filesize
175KB

MD5
68e8e72cf791f738b1574ae25bcbd45b

SHA1
47b58f095e0beefa1caaba7ec7e8d609ee7e3d1f

SHA256
3aa8e492247c9bc7c9a3dec184e09cc407bbc98683d9646ed984a372fd0958a9

SHA512
5f002166f3bb935dd3bfc5c604104d0249b0e378ec370e49efa313b95ff9ba910389448e6c3e124d539aa563af4d727d9e31a4542b9a610fb07fdb4bded10e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000014001\love.exe

Filesize
175KB

MD5
68e8e72cf791f738b1574ae25bcbd45b

SHA1
47b58f095e0beefa1caaba7ec7e8d609ee7e3d1f

SHA256
3aa8e492247c9bc7c9a3dec184e09cc407bbc98683d9646ed984a372fd0958a9

SHA512
5f002166f3bb935dd3bfc5c604104d0249b0e378ec370e49efa313b95ff9ba910389448e6c3e124d539aa563af4d727d9e31a4542b9a610fb07fdb4bded10e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000016001\legio.exe

Filesize
235KB

MD5
9630e11f88c832c3c7a5da18ef9cc0ac

SHA1
5bfadbe22a7b3a1db3cb5a7f2ec224f4e44c7bd0

SHA256
2c25b70f08a34cc52989882c4715854c4f488dacfa2c4a615ce5f8c265b21862

SHA512
da94fdf546709e7f18af019cd92e23af81d161b9e2730b65719381da052320191d957db16d06b26021f8de686a7fb6b20d9715fe7e64a0c7063a6b3051dab4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000016001\legio.exe

Filesize
235KB

MD5
9630e11f88c832c3c7a5da18ef9cc0ac

SHA1
5bfadbe22a7b3a1db3cb5a7f2ec224f4e44c7bd0

SHA256
2c25b70f08a34cc52989882c4715854c4f488dacfa2c4a615ce5f8c265b21862

SHA512
da94fdf546709e7f18af019cd92e23af81d161b9e2730b65719381da052320191d957db16d06b26021f8de686a7fb6b20d9715fe7e64a0c7063a6b3051dab4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000017051\tanos1.exe

Filesize
175KB

MD5
1d71ce85fb4517119a51fc33910f1975

SHA1
de346e455b4435dc9b9b8dbc506bd5f2b3e84052

SHA256
f3bba4b243aafa14e55ebea622e10b30591d46538f9bd88f7360f45f7b2f4bf2

SHA512
77e5ebd54456473001116641a9a663c2a75087d096e2d1d3c0a6a93b06c1a15a45dd1731339cd7a2746acedfc87137c95ffc9812e6bd82030b43398d817bd673

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000017051\tanos1.exe

Filesize
175KB

MD5
1d71ce85fb4517119a51fc33910f1975

SHA1
de346e455b4435dc9b9b8dbc506bd5f2b3e84052

SHA256
f3bba4b243aafa14e55ebea622e10b30591d46538f9bd88f7360f45f7b2f4bf2

SHA512
77e5ebd54456473001116641a9a663c2a75087d096e2d1d3c0a6a93b06c1a15a45dd1731339cd7a2746acedfc87137c95ffc9812e6bd82030b43398d817bd673

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000024001\KoverV2_launch.exe

Filesize
6.4MB

MD5
c536233b2a3d1b3684234d7a06e3c13b

SHA1
f71939513ec9b125ec5b348b6cfe39d311909b66

SHA256
53baaf9bd0f49630860bb54752927876799f069250fba2856e76042353996013

SHA512
7d01e36e0f91215b23f93209fe9022287522611f0ed0165c355f04212f90d827efb29f86883d4b4775c62267c7ad93987fbb339d48fea46d1fd6b28128b6d1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000024001\KoverV2_launch.exe

Filesize
6.4MB

MD5
c536233b2a3d1b3684234d7a06e3c13b

SHA1
f71939513ec9b125ec5b348b6cfe39d311909b66

SHA256
53baaf9bd0f49630860bb54752927876799f069250fba2856e76042353996013

SHA512
7d01e36e0f91215b23f93209fe9022287522611f0ed0165c355f04212f90d827efb29f86883d4b4775c62267c7ad93987fbb339d48fea46d1fd6b28128b6d1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000024001\KoverV2_launch.exe

Filesize
6.4MB

MD5
c536233b2a3d1b3684234d7a06e3c13b

SHA1
f71939513ec9b125ec5b348b6cfe39d311909b66

SHA256
53baaf9bd0f49630860bb54752927876799f069250fba2856e76042353996013

SHA512
7d01e36e0f91215b23f93209fe9022287522611f0ed0165c355f04212f90d827efb29f86883d4b4775c62267c7ad93987fbb339d48fea46d1fd6b28128b6d1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000085001\700K.exe

Filesize
175KB

MD5
10fc0e201418375882eeef47dba6b6d8

SHA1
bbdc696eb27fb2367e251db9b0fae64a0a58b0d0

SHA256
b6dcda3b84e6561d582db25fdbdbcd6ddb350579899817122d08dfdb6c8fd2a3

SHA512
746b1f7c7f6e841bdbe308c34ed20e2cf48a757a70f97e6f37903f3ec0aa0c8d944cc75648109a6594839df0e3858ba84177d2fa3cc6398f39656c6421df2ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000085001\700K.exe

Filesize
175KB

MD5
10fc0e201418375882eeef47dba6b6d8

SHA1
bbdc696eb27fb2367e251db9b0fae64a0a58b0d0

SHA256
b6dcda3b84e6561d582db25fdbdbcd6ddb350579899817122d08dfdb6c8fd2a3

SHA512
746b1f7c7f6e841bdbe308c34ed20e2cf48a757a70f97e6f37903f3ec0aa0c8d944cc75648109a6594839df0e3858ba84177d2fa3cc6398f39656c6421df2ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000087001\USA.exe

Filesize
175KB

MD5
1da0e5f318bc0fb7f81792e82504b795

SHA1
afe0de84db99a7006e6c3ed621c6b237c603385d

SHA256
0c8e929b94e2710d3e727f649359564663f0350d5adc88db03d3b517feb8d58b

SHA512
aa2205fe5ba1ac2a9ba52db7601e7f0864a04da61813d7a8aae7efd0145cc1dd03be64fff392f03ab0579a48c7ca6ace82989eeb51bb2db826a69ca09d41a617

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000087001\USA.exe

Filesize
175KB

MD5
1da0e5f318bc0fb7f81792e82504b795

SHA1
afe0de84db99a7006e6c3ed621c6b237c603385d

SHA256
0c8e929b94e2710d3e727f649359564663f0350d5adc88db03d3b517feb8d58b

SHA512
aa2205fe5ba1ac2a9ba52db7601e7f0864a04da61813d7a8aae7efd0145cc1dd03be64fff392f03ab0579a48c7ca6ace82989eeb51bb2db826a69ca09d41a617

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000096001\svhost.exe

Filesize
1.9MB

MD5
2146b105c0908c19e7f605a64be38495

SHA1
ac44479ff46bb1c0f53ce628203167f7bea864ca

SHA256
e95938370d6e25ab65c76b6beba7582b4814eec28d353cb7e12bdb3c0ac09656

SHA512
9405053efbbdc3b6235bbf6419cf85fc4f5a3f1e311f3c5a0235577e1789e77839617fea092820e708ecb9f4de2ff0116747f8cf24ebcddd80a67754c62adfd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000096001\svhost.exe

Filesize
1.9MB

MD5
2146b105c0908c19e7f605a64be38495

SHA1
ac44479ff46bb1c0f53ce628203167f7bea864ca

SHA256
e95938370d6e25ab65c76b6beba7582b4814eec28d353cb7e12bdb3c0ac09656

SHA512
9405053efbbdc3b6235bbf6419cf85fc4f5a3f1e311f3c5a0235577e1789e77839617fea092820e708ecb9f4de2ff0116747f8cf24ebcddd80a67754c62adfd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000107001\Amadey111111.exe

Filesize
246KB

MD5
9adcb26071e8018dc0b576b39acb980e

SHA1
d0f48a5761efbb38a4d195c69d6382b9e9748ed6

SHA256
083108736f1e4d0fae4243cd285903a9335865bef6623254b808b8e1cbe8f5cf

SHA512
679044773e02c6fff42387da8ba252058eb1462015011a455cc147952598e9df3a4a47af31fa71daa3f31175fa14f34d4b56d01740c8c38a7d09fb007779280f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000107001\Amadey111111.exe

Filesize
246KB

MD5
9adcb26071e8018dc0b576b39acb980e

SHA1
d0f48a5761efbb38a4d195c69d6382b9e9748ed6

SHA256
083108736f1e4d0fae4243cd285903a9335865bef6623254b808b8e1cbe8f5cf

SHA512
679044773e02c6fff42387da8ba252058eb1462015011a455cc147952598e9df3a4a47af31fa71daa3f31175fa14f34d4b56d01740c8c38a7d09fb007779280f

Download Submit
C:\Users\Admin\AppData\Local\Temp\4b9a106e76\nbveek.exe

Filesize
235KB

MD5
6779cd6f17fa7536c4490cc6d72a00a0

SHA1
2976ecc0ecc2800be22fa92868c2173a44e04ee0

SHA256
b00302c7a37d30e1d649945bce637c2be5ef5a1055e572df9866ef8281964b65

SHA512
88e8e38e1c664ebe1aa3c9f7601496b83f3c7ca9916a49573d169a33ae697602737505aaa2af755b6bea19dc38064742876b585a41c6ffaac172a44fb8bdc482

Download Submit
C:\Users\Admin\AppData\Local\Temp\4b9a106e76\nbveek.exe

Filesize
235KB

MD5
6779cd6f17fa7536c4490cc6d72a00a0

SHA1
2976ecc0ecc2800be22fa92868c2173a44e04ee0

SHA256
b00302c7a37d30e1d649945bce637c2be5ef5a1055e572df9866ef8281964b65

SHA512
88e8e38e1c664ebe1aa3c9f7601496b83f3c7ca9916a49573d169a33ae697602737505aaa2af755b6bea19dc38064742876b585a41c6ffaac172a44fb8bdc482

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e0894bcc4\nbveek.exe

Filesize
235KB

MD5
9630e11f88c832c3c7a5da18ef9cc0ac

SHA1
5bfadbe22a7b3a1db3cb5a7f2ec224f4e44c7bd0

SHA256
2c25b70f08a34cc52989882c4715854c4f488dacfa2c4a615ce5f8c265b21862

SHA512
da94fdf546709e7f18af019cd92e23af81d161b9e2730b65719381da052320191d957db16d06b26021f8de686a7fb6b20d9715fe7e64a0c7063a6b3051dab4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e0894bcc4\nbveek.exe

Filesize
235KB

MD5
9630e11f88c832c3c7a5da18ef9cc0ac

SHA1
5bfadbe22a7b3a1db3cb5a7f2ec224f4e44c7bd0

SHA256
2c25b70f08a34cc52989882c4715854c4f488dacfa2c4a615ce5f8c265b21862

SHA512
da94fdf546709e7f18af019cd92e23af81d161b9e2730b65719381da052320191d957db16d06b26021f8de686a7fb6b20d9715fe7e64a0c7063a6b3051dab4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\_socket.pyd

Filesize
72KB

MD5
5dd51579fa9b6a06336854889562bec0

SHA1
99c0ed0a15ed450279b01d95b75c162628c9be1d

SHA256
3669e56e99ae3a944fbe7845f0be05aea96a603717e883d56a27dc356f8c2f2c

SHA512
7aa6c6587890ae8c3f9a5e97ebde689243ac5b9abb9b1e887f29c53eef99a53e4b4ec100c03e1c043e2f0d330e7af444c3ca886c9a5e338c2ea42aaacae09f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\_socket.pyd

Filesize
72KB

MD5
5dd51579fa9b6a06336854889562bec0

SHA1
99c0ed0a15ed450279b01d95b75c162628c9be1d

SHA256
3669e56e99ae3a944fbe7845f0be05aea96a603717e883d56a27dc356f8c2f2c

SHA512
7aa6c6587890ae8c3f9a5e97ebde689243ac5b9abb9b1e887f29c53eef99a53e4b4ec100c03e1c043e2f0d330e7af444c3ca886c9a5e338c2ea42aaacae09f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\_ssl.pyd

Filesize
152KB

MD5
11c5008e0ba2caa8adf7452f0aaafd1e

SHA1
764b33b749e3da9e716b8a853b63b2f7711fcc7c

SHA256
bf63f44951f14c9d0c890415d013276498d6d59e53811bbe2fa16825710bea14

SHA512
fceb022d8694bce6504d6b64de4596e2b8252fc2427ee66300e37bcff297579cc7d32a8cb8f847408eaa716cb053e20d53e93fbd945e3f60d58214e6a969c9dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\_ssl.pyd

Filesize
152KB

MD5
11c5008e0ba2caa8adf7452f0aaafd1e

SHA1
764b33b749e3da9e716b8a853b63b2f7711fcc7c

SHA256
bf63f44951f14c9d0c890415d013276498d6d59e53811bbe2fa16825710bea14

SHA512
fceb022d8694bce6504d6b64de4596e2b8252fc2427ee66300e37bcff297579cc7d32a8cb8f847408eaa716cb053e20d53e93fbd945e3f60d58214e6a969c9dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\base_library.zip

Filesize
1.0MB

MD5
429d69ca12f933b66805ddb1429b1fea

SHA1
74d1b60c7d62fe5ae702ee2e11050b0552037fe3

SHA256
35806272c7ba80f6d4fdedaeed242dd2d90092d1f994a1eeca399154c12fd3d0

SHA512
27d67627ed2ece8134afc450e1a96aa5825be2a03a1ebe7b6bb673c0756419cf5896c43396c548936a643ea0c3ff9690d7b6d44db4eaa6ffeaf3415543f54628

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\select.pyd

Filesize
25KB

MD5
78d421a4e6b06b5561c45b9a5c6f86b1

SHA1
c70747d3f2d26a92a0fe0b353f1d1d01693929ac

SHA256
f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823

SHA512
83e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21962\select.pyd

Filesize
25KB

MD5
78d421a4e6b06b5561c45b9a5c6f86b1

SHA1
c70747d3f2d26a92a0fe0b353f1d1d01693929ac

SHA256
f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823

SHA512
83e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012

Download Submit
C:\Users\Admin\AppData\Local\Temp\c1e3594748\nbveek.exe

Filesize
246KB

MD5
9adcb26071e8018dc0b576b39acb980e

SHA1
d0f48a5761efbb38a4d195c69d6382b9e9748ed6

SHA256
083108736f1e4d0fae4243cd285903a9335865bef6623254b808b8e1cbe8f5cf

SHA512
679044773e02c6fff42387da8ba252058eb1462015011a455cc147952598e9df3a4a47af31fa71daa3f31175fa14f34d4b56d01740c8c38a7d09fb007779280f

Download Submit
C:\Users\Admin\AppData\Local\Temp\c1e3594748\nbveek.exe

Filesize
246KB

MD5
9adcb26071e8018dc0b576b39acb980e

SHA1
d0f48a5761efbb38a4d195c69d6382b9e9748ed6

SHA256
083108736f1e4d0fae4243cd285903a9335865bef6623254b808b8e1cbe8f5cf

SHA512
679044773e02c6fff42387da8ba252058eb1462015011a455cc147952598e9df3a4a47af31fa71daa3f31175fa14f34d4b56d01740c8c38a7d09fb007779280f

Download Submit
C:\Users\Admin\AppData\Roaming\1000007000\love1.exe

Filesize
175KB

MD5
68e8e72cf791f738b1574ae25bcbd45b

SHA1
47b58f095e0beefa1caaba7ec7e8d609ee7e3d1f

SHA256
3aa8e492247c9bc7c9a3dec184e09cc407bbc98683d9646ed984a372fd0958a9

SHA512
5f002166f3bb935dd3bfc5c604104d0249b0e378ec370e49efa313b95ff9ba910389448e6c3e124d539aa563af4d727d9e31a4542b9a610fb07fdb4bded10e77

Download Submit
C:\Users\Admin\AppData\Roaming\1000007000\love1.exe

Filesize
175KB

MD5
68e8e72cf791f738b1574ae25bcbd45b

SHA1
47b58f095e0beefa1caaba7ec7e8d609ee7e3d1f

SHA256
3aa8e492247c9bc7c9a3dec184e09cc407bbc98683d9646ed984a372fd0958a9

SHA512
5f002166f3bb935dd3bfc5c604104d0249b0e378ec370e49efa313b95ff9ba910389448e6c3e124d539aa563af4d727d9e31a4542b9a610fb07fdb4bded10e77

Download Submit
memory/60-189-0x0000000000400000-0x0000000000920000-memory.dmp

Filesize
5.1MB

Download
memory/368-151-0x00007FFAFA6A0000-0x00007FFAFB161000-memory.dmp

Filesize
10.8MB

Download
memory/368-183-0x00007FFAFA6A0000-0x00007FFAFB161000-memory.dmp

Filesize
10.8MB

Download
memory/1384-327-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/1384-334-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/1512-335-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/1512-338-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/1512-337-0x00007FFB19210000-0x00007FFB192CE000-memory.dmp

Filesize
760KB

Download
memory/1512-336-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/1900-259-0x000000000255B000-0x0000000002705000-memory.dmp

Filesize
1.7MB

Download
memory/1900-303-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/1900-260-0x0000000002710000-0x0000000002AE0000-memory.dmp

Filesize
3.8MB

Download
memory/1900-261-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/1900-308-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/1932-288-0x00000000004E0000-0x000000000054E000-memory.dmp

Filesize
440KB

Download
memory/1956-326-0x0000000140000000-0x0000000140004000-memory.dmp

Filesize
16KB

Download
memory/1956-324-0x0000000140000000-0x0000000140004000-memory.dmp

Filesize
16KB

Download
memory/2276-174-0x0000000000510000-0x0000000000542000-memory.dmp

Filesize
200KB

Download
memory/2624-236-0x0000000000400000-0x0000000002BB6000-memory.dmp

Filesize
39.7MB

Download
memory/2624-234-0x0000000002D4E000-0x0000000002D7C000-memory.dmp

Filesize
184KB

Download
memory/2624-289-0x0000000000400000-0x0000000002BB6000-memory.dmp

Filesize
39.7MB

Download
memory/2644-339-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/2644-348-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/2644-342-0x00007FFB19210000-0x00007FFB192CE000-memory.dmp

Filesize
760KB

Download
memory/2644-341-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/2644-343-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/2908-310-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/2908-309-0x0000000002401000-0x00000000025AB000-memory.dmp

Filesize
1.7MB

Download
memory/2908-311-0x0000000000400000-0x0000000000803000-memory.dmp

Filesize
4.0MB

Download
memory/2948-182-0x00007FFAFA6A0000-0x00007FFAFB161000-memory.dmp

Filesize
10.8MB

Download
memory/2948-147-0x00007FFAFA6A0000-0x00007FFAFB161000-memory.dmp

Filesize
10.8MB

Download
memory/2948-146-0x0000000000970000-0x000000000097A000-memory.dmp

Filesize
40KB

Download
memory/2956-321-0x00007FFB19210000-0x00007FFB192CE000-memory.dmp

Filesize
760KB

Download
memory/2956-329-0x00007FFB19210000-0x00007FFB192CE000-memory.dmp

Filesize
760KB

Download
memory/2956-328-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/2956-322-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/2956-320-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/2956-314-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/2964-340-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/3104-229-0x0000000000370000-0x00000000003A2000-memory.dmp

Filesize
200KB

Download
memory/3444-181-0x0000000000B00000-0x0000000000B32000-memory.dmp

Filesize
200KB

Download
memory/3496-319-0x00007FFB19210000-0x00007FFB192CE000-memory.dmp

Filesize
760KB

Download
memory/3496-318-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/3496-333-0x00007FFB19210000-0x00007FFB192CE000-memory.dmp

Filesize
760KB

Download
memory/3496-315-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/3496-332-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/3496-331-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/3496-316-0x00007FFB196D0000-0x00007FFB198C5000-memory.dmp

Filesize
2.0MB

Download
memory/3496-317-0x00007FFB19210000-0x00007FFB192CE000-memory.dmp

Filesize
760KB

Download
memory/3552-166-0x0000000000E00000-0x0000000000E32000-memory.dmp

Filesize
200KB

Download
memory/3552-185-0x0000000005B30000-0x0000000005B96000-memory.dmp

Filesize
408KB

Download
memory/3720-312-0x000002A167510000-0x000002A167532000-memory.dmp

Filesize
136KB

Download
memory/3720-313-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download
memory/3724-304-0x0000000140000000-0x000000014061E000-memory.dmp

Filesize
6.1MB

Download
memory/4184-218-0x0000000002E8F000-0x0000000002EBD000-memory.dmp

Filesize
184KB

Download
memory/4184-235-0x0000000002E8F000-0x0000000002EBD000-memory.dmp

Filesize
184KB

Download
memory/4184-237-0x0000000000400000-0x0000000002BB6000-memory.dmp

Filesize
39.7MB

Download
memory/4184-167-0x0000000002E8F000-0x0000000002EBD000-memory.dmp

Filesize
184KB

Download
memory/4184-169-0x0000000002E10000-0x0000000002E5B000-memory.dmp

Filesize
300KB

Download
memory/4184-168-0x00000000071D0000-0x0000000007774000-memory.dmp

Filesize
5.6MB

Download
memory/4184-170-0x0000000000400000-0x0000000002BB6000-memory.dmp

Filesize
39.7MB

Download
memory/4200-193-0x0000000006660000-0x00000000066D6000-memory.dmp

Filesize
472KB

Download
memory/4200-158-0x0000000000C80000-0x0000000000CB2000-memory.dmp

Filesize
200KB

Download
memory/4200-159-0x0000000005D40000-0x0000000006358000-memory.dmp

Filesize
6.1MB

Download
memory/4200-160-0x0000000005830000-0x000000000593A000-memory.dmp

Filesize
1.0MB

Download
memory/4200-184-0x00000000059E0000-0x0000000005A72000-memory.dmp

Filesize
584KB

Download
memory/4200-161-0x00000000031E0000-0x00000000031F2000-memory.dmp

Filesize
72KB

Download
memory/4200-162-0x0000000005720000-0x000000000575C000-memory.dmp

Filesize
240KB

Download
memory/4200-199-0x00000000075C0000-0x0000000007AEC000-memory.dmp

Filesize
5.2MB

Download
memory/4200-194-0x00000000066E0000-0x0000000006730000-memory.dmp

Filesize
320KB

Download
memory/4200-198-0x0000000006EC0000-0x0000000007082000-memory.dmp

Filesize
1.8MB

Download
memory/4440-249-0x0000000000400000-0x0000000002BB6000-memory.dmp

Filesize
39.7MB

Download
memory/4440-238-0x0000000002DFE000-0x0000000002E2D000-memory.dmp

Filesize
188KB

Download
memory/4440-192-0x0000000000400000-0x0000000002BB6000-memory.dmp

Filesize
39.7MB

Download
memory/4440-248-0x0000000002DFE000-0x0000000002E2D000-memory.dmp

Filesize
188KB

Download
memory/4440-188-0x0000000002DFE000-0x0000000002E2D000-memory.dmp

Filesize
188KB

Download
memory/4860-233-0x0000000000350000-0x0000000000382000-memory.dmp

Filesize
200KB

Download
memory/5072-330-0x00007FFAF7850000-0x00007FFAF8311000-memory.dmp

Filesize
10.8MB

Download