4870376811dd3c5eabe924c793079629d13a7813bf1a3014b5333b132be50365

max time kernel
39s
max time network
1809s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2023 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

888Rat.exe
Size

93.6MB
MD5

553951bbbde6c6001ade88f3a06a9b9a
SHA1

28cd84b4533433cc925123f106e4efbbddd3c2ca
SHA256

4870376811dd3c5eabe924c793079629d13a7813bf1a3014b5333b132be50365
SHA512

e9cf57ca2cd87fa2b3c05c0003ae11fc51d4139072d028ba52d665de57fffcb9c279cbe19ede001cc56ac464212ab8f6cbb8e7023c7ca567835a7b540a58521d
SSDEEP

1572864:ST0EdFgdUIGfkS0H4HHDXLYrXatfLllR3Rbop0+xXlMSyCXsRuG0CPb0V+8VM5km:ST0I1IGfr0H4HbLYrXajRPcl0issnM4s

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 48 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	888RAT.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	SERVERS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	888RAT.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	SERVERS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	888RAT.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	SERVERS.EXE

Executes dropped EXE 42 IoCs

pid	Process
3808	SERVERS.EXE
3376	888RAT.EXE
1136	SERVERS.EXE
3540	Process not Found
3776	Process not Found
1372	Process not Found
3600	Process not Found
1624	Process not Found
2844	Process not Found
4272	Process not Found
4584	Process not Found
4268	Process not Found
464	Process not Found
3732	Process not Found
4344	Process not Found
880	Process not Found
1784	Process not Found
4392	Process not Found
5100	Process not Found
4828	Process not Found
3924	Process not Found
448	Process not Found
1080	Process not Found
4164	SERVERS.EXE
3836	Process not Found
464	Process not Found
1120	SERVERS.EXE
1356	Process not Found
4840	Process not Found
3728	Process not Found
652	Process not Found
4356	Process not Found
1280	Process not Found
3976	Process not Found
892	Process not Found
3136	Process not Found
4136	Process not Found
3368	Process not Found
3808	Process not Found
4692	SERVERS.EXE
4524	Process not Found
4656	Process not Found

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GeForce = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\SERVERS.EXE\""	SERVERS.EXE

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
24	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1492	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1136	SERVERS.EXE
1136	SERVERS.EXE
1136	SERVERS.EXE
1136	SERVERS.EXE
1136	SERVERS.EXE
1136	SERVERS.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1136	SERVERS.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1136	SERVERS.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 4372	3988	SERVERS.EXE	985
PID 3988 wrote to memory of 4372	3988	SERVERS.EXE	985
PID 3988 wrote to memory of 4372	3988	SERVERS.EXE	985
PID 3988 wrote to memory of 3808	3988	SERVERS.EXE	172
PID 3988 wrote to memory of 3808	3988	SERVERS.EXE	172
PID 4372 wrote to memory of 2448	4372	Process not Found	871
PID 4372 wrote to memory of 2448	4372	Process not Found	871
PID 4372 wrote to memory of 2448	4372	Process not Found	871
PID 4372 wrote to memory of 3376	4372	Process not Found	339
PID 4372 wrote to memory of 3376	4372	Process not Found	339
PID 2448 wrote to memory of 5068	2448	888RAT.EXE	1256
PID 2448 wrote to memory of 5068	2448	888RAT.EXE	1256
PID 2448 wrote to memory of 5068	2448	888RAT.EXE	1256
PID 2448 wrote to memory of 1136	2448	888RAT.EXE	94
PID 2448 wrote to memory of 1136	2448	888RAT.EXE	94
PID 5068 wrote to memory of 4636	5068	Process not Found	1518
PID 5068 wrote to memory of 4636	5068	Process not Found	1518
PID 5068 wrote to memory of 4636	5068	Process not Found	1518
PID 5068 wrote to memory of 3540	5068	Process not Found	1592
PID 5068 wrote to memory of 3540	5068	Process not Found	1592
PID 4636 wrote to memory of 3732	4636	Process not Found	1031
PID 4636 wrote to memory of 3732	4636	Process not Found	1031
PID 4636 wrote to memory of 3732	4636	Process not Found	1031
PID 4636 wrote to memory of 3776	4636	Process not Found	1473
PID 4636 wrote to memory of 3776	4636	Process not Found	1473
PID 3732 wrote to memory of 1228	3732	888RAT.EXE	715
PID 3732 wrote to memory of 1228	3732	888RAT.EXE	715
PID 3732 wrote to memory of 1228	3732	888RAT.EXE	715
PID 3732 wrote to memory of 1372	3732	888RAT.EXE	1643
PID 3732 wrote to memory of 1372	3732	888RAT.EXE	1643
PID 1228 wrote to memory of 1596	1228	888RAT.EXE	1848
PID 1228 wrote to memory of 1596	1228	888RAT.EXE	1848
PID 1228 wrote to memory of 1596	1228	888RAT.EXE	1848
PID 1228 wrote to memory of 3600	1228	888RAT.EXE	1339
PID 1228 wrote to memory of 3600	1228	888RAT.EXE	1339
PID 1596 wrote to memory of 2100	1596	Process not Found	1578
PID 1596 wrote to memory of 2100	1596	Process not Found	1578
PID 1596 wrote to memory of 2100	1596	Process not Found	1578
PID 1596 wrote to memory of 1624	1596	Process not Found	1593
PID 1596 wrote to memory of 1624	1596	Process not Found	1593
PID 2100 wrote to memory of 944	2100	Process not Found	1783
PID 2100 wrote to memory of 944	2100	Process not Found	1783
PID 2100 wrote to memory of 944	2100	Process not Found	1783
PID 2100 wrote to memory of 2844	2100	Process not Found	1138
PID 2100 wrote to memory of 2844	2100	Process not Found	1138
PID 1136 wrote to memory of 1492	1136	SERVERS.EXE	2335
PID 1136 wrote to memory of 1492	1136	SERVERS.EXE	2335
PID 944 wrote to memory of 3220	944	Process not Found	1551
PID 944 wrote to memory of 3220	944	Process not Found	1551
PID 944 wrote to memory of 3220	944	Process not Found	1551
PID 944 wrote to memory of 4272	944	Process not Found	1921
PID 944 wrote to memory of 4272	944	Process not Found	1921
PID 3220 wrote to memory of 3480	3220	Process not Found	2563
PID 3220 wrote to memory of 3480	3220	Process not Found	2563
PID 3220 wrote to memory of 3480	3220	Process not Found	2563
PID 3220 wrote to memory of 4584	3220	Process not Found	1939
PID 3220 wrote to memory of 4584	3220	Process not Found	1939
PID 3480 wrote to memory of 4840	3480	Process not Found	2935
PID 3480 wrote to memory of 4840	3480	Process not Found	2935
PID 3480 wrote to memory of 4840	3480	Process not Found	2935
PID 3480 wrote to memory of 4268	3480	Process not Found	2047
PID 3480 wrote to memory of 4268	3480	Process not Found	2047
PID 4840 wrote to memory of 448	4840	Process not Found	2422
PID 4840 wrote to memory of 448	4840	Process not Found	2422

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\888Rat.exe
"C:\Users\Admin\AppData\Local\Temp\888Rat.exe"
1⤵
PID:3988
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
    "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
    3⤵
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
      "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
      4⤵
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        10⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        7⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        5⤵
        
        PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1136
    - - C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /tn "WINDOWSSYSTEMHOST" /tr "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE" /sc MINUTE /MO 1
        5⤵
        Creates scheduled task(s)
        
        PID:1492
- - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
    3⤵
    PID:3376
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  PID:3808

C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
"C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
1⤵
PID:3220
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  PID:3480
- - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
    3⤵
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
    "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
    3⤵
    PID:4840
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  PID:4584

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
"C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
1⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
"C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
1⤵
PID:448
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
    3⤵
    PID:4344
- - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
    "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
    3⤵
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
      "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
      4⤵
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        6⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        5⤵
        
        PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
      4⤵
      PID:880
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  PID:3732

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
"C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
1⤵
PID:464

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
"C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
1⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
"C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
1⤵
PID:3220
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  PID:4828
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  PID:1140
- - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
    "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
    3⤵
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
      "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        5⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        6⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        8⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        10⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        11⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        12⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        13⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        14⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        14⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        15⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        16⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        17⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        18⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        19⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        20⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        20⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        21⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        22⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        23⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        24⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        24⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        25⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        25⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        26⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        27⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        28⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        29⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        29⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        30⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        31⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        32⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        33⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        34⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        35⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        36⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        37⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        38⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        39⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        40⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        41⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        42⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        43⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        43⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        44⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        45⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        46⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        47⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        48⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        48⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        49⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        50⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        51⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        52⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        53⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        53⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        54⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        55⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        56⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        57⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        57⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        58⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        59⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        60⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        60⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        61⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        62⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        63⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        64⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        65⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        66⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        66⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        67⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        68⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        69⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        70⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        70⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        71⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        72⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        72⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        73⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        74⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        75⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        76⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        77⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        78⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        79⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        79⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        80⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        81⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        82⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        83⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        83⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        84⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        85⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        86⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        87⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        88⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        88⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        89⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        90⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        90⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        91⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        92⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        93⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        94⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        95⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        95⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        96⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        97⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        97⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        98⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        99⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        100⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        101⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        101⤵
        Executes dropped EXE
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        102⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        102⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        103⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        104⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        105⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        106⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        107⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        107⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        108⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        109⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        109⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        110⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        111⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        112⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        113⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        114⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        114⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        115⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        116⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        116⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        117⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        118⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        119⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        120⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        120⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        121⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        122⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        123⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        124⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        125⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        125⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        126⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        127⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        128⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        128⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        129⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        130⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        131⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        132⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        133⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        134⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        135⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        136⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        137⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        137⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        138⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        139⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        139⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        140⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        141⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        141⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        142⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        143⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        143⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        144⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        144⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        145⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        146⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        146⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        147⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        148⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        149⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        150⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        151⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        152⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        153⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        154⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        154⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        155⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        156⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        156⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        157⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        158⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        159⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        160⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        161⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        162⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        162⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        163⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        163⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        164⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        165⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        165⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        166⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        167⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        167⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        168⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        169⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        170⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        171⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        171⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        172⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        173⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        173⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        174⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        175⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        176⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        177⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        178⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        178⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        179⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        179⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        180⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        180⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        181⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        182⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        183⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        184⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        184⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        185⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        186⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        186⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        187⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        188⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        189⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        189⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        190⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        191⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        191⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        192⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        193⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        194⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        195⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        195⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        196⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        197⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        197⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        198⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        198⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        199⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        200⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        200⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        201⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        202⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        203⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        204⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        204⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        205⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        206⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        207⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        207⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        208⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        209⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        209⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        210⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        211⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        212⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        213⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        214⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        215⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        216⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        217⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        218⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        218⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        219⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        220⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        221⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        222⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        223⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        224⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        225⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        226⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        227⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        228⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        229⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        230⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        231⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        232⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        233⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        234⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        234⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        235⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        235⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        236⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        237⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        238⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        239⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        240⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        241⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        242⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        242⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        243⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        244⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        244⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        245⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        246⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        247⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        248⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        249⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        250⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        251⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        252⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        253⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        254⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        255⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        256⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        257⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        258⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        259⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        260⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        260⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        261⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        262⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        263⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        264⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        265⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        266⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        266⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        267⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        268⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        269⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        269⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        270⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        271⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        272⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        273⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        274⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        275⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        276⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        276⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        277⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        277⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        278⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        279⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        280⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        281⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        282⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        283⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        284⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        284⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        285⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        286⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        287⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        288⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        288⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        289⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        289⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        290⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        290⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        291⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        292⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        293⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        294⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        295⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        296⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        297⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        298⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        299⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        300⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        301⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        302⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        303⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        303⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        304⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        305⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        306⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        307⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        308⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        308⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        309⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        309⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        310⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        310⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        311⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        311⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        312⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        313⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        314⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        315⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        316⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        316⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        317⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        318⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        319⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        320⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        321⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        321⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        322⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        323⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        323⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        324⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        325⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        326⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        327⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        328⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        329⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        329⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        330⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        330⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        331⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        331⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        332⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        333⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        334⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        335⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        335⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        336⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        337⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        338⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        339⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        339⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        340⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        340⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        341⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        342⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        343⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        344⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        345⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        346⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        347⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        348⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        349⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        349⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        350⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        351⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        352⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        353⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        354⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        355⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        356⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        357⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        358⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        359⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        359⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        360⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        361⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        362⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        363⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        364⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        364⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        365⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        366⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        367⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        368⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        368⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        369⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        369⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        370⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        371⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        371⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        372⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        373⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        374⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        375⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        376⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        377⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        378⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        379⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        380⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        381⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        382⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        383⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        384⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        385⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        386⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        387⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        388⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        388⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        389⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        390⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        391⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        391⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        392⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        393⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        393⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        394⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        395⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        396⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        396⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        397⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        398⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        398⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        399⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        400⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        400⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        401⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        401⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        402⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        403⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        404⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        405⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        406⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        407⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        408⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        408⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        409⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        410⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        411⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        412⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        413⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        414⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        415⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        416⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        417⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        417⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        418⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        419⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        420⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        421⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        422⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        423⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        424⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        424⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        425⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        426⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        427⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        428⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        429⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        430⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        431⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        432⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        433⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        434⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        435⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        436⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        437⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        438⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        439⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        440⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        441⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        441⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        442⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        443⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        443⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        444⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        445⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        446⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        447⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        448⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        449⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        450⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        451⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        452⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        453⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        454⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        455⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        456⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        457⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        458⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        459⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        460⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        461⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        462⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        463⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        464⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        465⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        465⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        466⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        466⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        467⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        467⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        468⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        468⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        469⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        470⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        471⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        472⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        473⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        474⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        475⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        476⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        477⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        478⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        478⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        479⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        480⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        481⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        482⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        483⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        484⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        485⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        486⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        487⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        487⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        488⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        489⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        490⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        491⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        491⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        492⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        492⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        490⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        489⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        488⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        486⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        485⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        484⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        483⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        482⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        481⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        480⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        479⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        477⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        476⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        475⤵
        Executes dropped EXE
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        474⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        473⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        472⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        471⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        470⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        469⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        464⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        463⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        462⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        461⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        460⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        459⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        458⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        457⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        456⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        455⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        454⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        453⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        452⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        451⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        450⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        449⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        448⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        447⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        446⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        445⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        444⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        442⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        440⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        439⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        438⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        437⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        436⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        435⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        434⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        433⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        432⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        431⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        430⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        429⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        428⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        427⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        426⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        425⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        423⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        422⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        421⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        420⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        419⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        418⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        416⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        415⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        414⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        413⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        412⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        411⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        410⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        409⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        407⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        406⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        405⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        404⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        403⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        402⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        399⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        397⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        395⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        394⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        392⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        390⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        389⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        387⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        386⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        385⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        384⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        383⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        382⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        381⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        380⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        379⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        378⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        377⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        376⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        375⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        374⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        373⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        372⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        370⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        367⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        366⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        365⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        363⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        362⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        361⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        360⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        358⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        357⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        356⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        355⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        354⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        353⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        352⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        351⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        350⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        348⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        347⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        346⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        345⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        344⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        343⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        342⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        341⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        338⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        337⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        336⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        334⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        333⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        332⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        328⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        327⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        326⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        325⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        324⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        322⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        320⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        319⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        318⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        317⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        315⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        314⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        313⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        312⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        307⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        306⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        305⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        304⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        302⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        301⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        300⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        299⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        298⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        297⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        296⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        295⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        294⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        293⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        292⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        291⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        287⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        286⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        285⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        283⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        282⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        281⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        280⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        279⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        278⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        275⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        274⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        273⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        272⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        271⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        270⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        268⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        267⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        265⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        264⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        263⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        262⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        261⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        259⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        258⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        257⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        256⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        255⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        254⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        253⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        252⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        251⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        250⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        249⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        248⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        247⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        246⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        245⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        243⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        241⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        240⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        239⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        238⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        237⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        236⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        233⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        232⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        231⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        230⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        229⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        228⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        227⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        226⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        225⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        224⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        223⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        222⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        221⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        220⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        219⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        217⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        216⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        215⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        214⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        213⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        212⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        211⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        210⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        208⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        206⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        205⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        203⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        202⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        201⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        199⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        196⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        194⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        193⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        192⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        190⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        188⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        187⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        185⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        183⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        182⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        181⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        177⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        176⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        175⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        174⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        172⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        170⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        169⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        168⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        166⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        164⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        161⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        160⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        159⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        158⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        157⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        155⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        153⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        152⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        151⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        150⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        149⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        148⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        147⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        145⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        142⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        140⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        138⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        136⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        135⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        134⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        133⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        132⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        131⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        130⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        129⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        127⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        126⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        124⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        123⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        122⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        121⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        119⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        118⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        117⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        115⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        113⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        112⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        111⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        110⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        108⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        106⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        105⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        104⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        103⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        100⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        99⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        98⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        96⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        94⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        93⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        92⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        91⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        89⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        87⤵
        Checks computer location settings
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        86⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        85⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        84⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        82⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        81⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        80⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        78⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        77⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        76⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        75⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        74⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        73⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        71⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        69⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        68⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        67⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        65⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        64⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        63⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        62⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        61⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        59⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        58⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        56⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        55⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        54⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        52⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        51⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        50⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        49⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        47⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        46⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        45⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        44⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        42⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        41⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        40⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        39⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        38⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        37⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        36⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        35⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        34⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        33⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        32⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        31⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        30⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        28⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        27⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        26⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        23⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        22⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        21⤵
        Executes dropped EXE
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        19⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        18⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        17⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        16⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        15⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        13⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        12⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        11⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        10⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        9⤵
        Executes dropped EXE
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        7⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        6⤵
        Executes dropped EXE
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        5⤵
        
        PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
      4⤵
      PID:448
- - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
    3⤵
    PID:3924

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
1⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
1⤵
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SERVERS.EXE.log

Filesize
1KB

MD5
2362dcc9d262d0969898b143fb7fc91a

SHA1
2240860a675c86425f5702b501eac121bfb744eb

SHA256
4f7cff601d97caf1e0040bc2d63ccadd27294b2e551ff4167e0b080c69a915b0

SHA512
59cb7e53dc9cc02f25216cc87115403ed67fb5d24947ef2e803cd54e9f118d5d65a71817b05642c238ca48eb7bfd228d008d92e42023f2c15755c64c88f5b0d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
memory/464-65-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/464-84-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/464-89-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/464-87-0x0000000002070000-0x0000000002080000-memory.dmp

Filesize
64KB

Download
memory/880-78-0x00000000025E0000-0x00000000025F0000-memory.dmp

Filesize
64KB

Download
memory/880-76-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/1136-40-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/1136-36-0x00000000027C0000-0x00000000027D2000-memory.dmp

Filesize
72KB

Download
memory/1136-19-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/1136-44-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/1136-20-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/1136-49-0x0000000002820000-0x000000000285C000-memory.dmp

Filesize
240KB

Download
memory/1372-56-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/1372-31-0x0000000002D80000-0x0000000002D90000-memory.dmp

Filesize
64KB

Download
memory/1372-29-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/1624-43-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/1624-46-0x000000001B320000-0x000000001B330000-memory.dmp

Filesize
64KB

Download
memory/1624-66-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/1784-82-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/2844-48-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/2844-51-0x000000001B930000-0x000000001B940000-memory.dmp

Filesize
64KB

Download
memory/2844-67-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3376-30-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3376-35-0x00000000012E0000-0x00000000012F0000-memory.dmp

Filesize
64KB

Download
memory/3376-15-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3376-17-0x00000000012E0000-0x00000000012F0000-memory.dmp

Filesize
64KB

Download
memory/3376-41-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3540-22-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3540-23-0x000000001B440000-0x000000001B450000-memory.dmp

Filesize
64KB

Download
memory/3540-45-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3540-50-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3600-34-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3600-61-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3732-71-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3732-91-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3732-90-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3776-27-0x000000001BA40000-0x000000001BA50000-memory.dmp

Filesize
64KB

Download
memory/3776-25-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3776-53-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3808-12-0x0000000002A80000-0x0000000002B1E000-memory.dmp

Filesize
632KB

Download
memory/3808-11-0x0000000000A80000-0x0000000000A88000-memory.dmp

Filesize
32KB

Download
memory/3808-13-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3808-16-0x000000001B7B0000-0x000000001B7C0000-memory.dmp

Filesize
64KB

Download
memory/3808-33-0x000000001B7B0000-0x000000001B7C0000-memory.dmp

Filesize
64KB

Download
memory/3808-26-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/3808-42-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4268-62-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4268-69-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/4268-81-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4268-83-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/4268-88-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4272-68-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4272-55-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4272-57-0x000000001B480000-0x000000001B490000-memory.dmp

Filesize
64KB

Download
memory/4344-92-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4344-74-0x000000001B360000-0x000000001B370000-memory.dmp

Filesize
64KB

Download
memory/4344-73-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4392-86-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4584-77-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4584-80-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4584-63-0x000000001B940000-0x000000001B950000-memory.dmp

Filesize
64KB

Download
memory/4584-59-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/4828-96-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download
memory/5100-94-0x00007FF9BEB30000-0x00007FF9BF5F1000-memory.dmp

Filesize
10.8MB

Download