4870376811dd3c5eabe924c793079629d13a7813bf1a3014b5333b132be50365

max time kernel
1803s
max time network
1807s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

888Rat.exe
Size

93.6MB
MD5

553951bbbde6c6001ade88f3a06a9b9a
SHA1

28cd84b4533433cc925123f106e4efbbddd3c2ca
SHA256

4870376811dd3c5eabe924c793079629d13a7813bf1a3014b5333b132be50365
SHA512

e9cf57ca2cd87fa2b3c05c0003ae11fc51d4139072d028ba52d665de57fffcb9c279cbe19ede001cc56ac464212ab8f6cbb8e7023c7ca567835a7b540a58521d
SSDEEP

1572864:ST0EdFgdUIGfkS0H4HHDXLYrXatfLllR3Rbop0+xXlMSyCXsRuG0CPb0V+8VM5km:ST0I1IGfr0H4HbLYrXajRPcl0issnM4s

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 36 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	SERVERS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	SERVERS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	SERVERS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	888RAT.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	888RAT.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	SERVERS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	SERVERS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	Process not Found

Executes dropped EXE 31 IoCs

pid	Process
3044	SERVERS.EXE
3280	SERVERS.EXE
2788	Process not Found
4744	Process not Found
3020	Process not Found
3968	Process not Found
2032	Process not Found
116	SERVERS.EXE
5056	Process not Found
3552	Process not Found
1652	Process not Found
464	SERVERS.EXE
2676	888RAT.EXE
3872	Process not Found
3816	Process not Found
4328	Process not Found
1816	Process not Found
1196	Process not Found
4084	Process not Found
4240	Process not Found
3492	Process not Found
3916	Process not Found
496	Process not Found
400	Process not Found
572	Process not Found
1148	Process not Found
4640	888RAT.EXE
4988	Process not Found
5052	Process not Found
3800	Process not Found
1104	Process not Found

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GeForce = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\SERVERS.EXE\""	SERVERS.EXE

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
35	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3908	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3044	SERVERS.EXE
3044	SERVERS.EXE
3044	SERVERS.EXE
3044	SERVERS.EXE
3044	SERVERS.EXE
3044	SERVERS.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3044	SERVERS.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3044	SERVERS.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 4920	1196	Process not Found	659
PID 1196 wrote to memory of 4920	1196	Process not Found	659
PID 1196 wrote to memory of 4920	1196	Process not Found	659
PID 1196 wrote to memory of 3044	1196	Process not Found	95
PID 1196 wrote to memory of 3044	1196	Process not Found	95
PID 4920 wrote to memory of 4964	4920	SERVERS.EXE	94
PID 4920 wrote to memory of 4964	4920	SERVERS.EXE	94
PID 4920 wrote to memory of 4964	4920	SERVERS.EXE	94
PID 4920 wrote to memory of 3280	4920	Process not Found	92
PID 4920 wrote to memory of 3280	4920	Process not Found	92
PID 4964 wrote to memory of 3596	4964	888RAT.EXE	1587
PID 4964 wrote to memory of 3596	4964	888RAT.EXE	1587
PID 4964 wrote to memory of 3596	4964	888RAT.EXE	1587
PID 4964 wrote to memory of 2788	4964	888RAT.EXE	1981
PID 4964 wrote to memory of 2788	4964	888RAT.EXE	1981
PID 3596 wrote to memory of 1920	3596	Process not Found	1879
PID 3596 wrote to memory of 1920	3596	Process not Found	1879
PID 3596 wrote to memory of 1920	3596	Process not Found	1879
PID 3596 wrote to memory of 4744	3596	Process not Found	1719
PID 3596 wrote to memory of 4744	3596	Process not Found	1719
PID 1920 wrote to memory of 464	1920	Process not Found	118
PID 1920 wrote to memory of 464	1920	Process not Found	118
PID 1920 wrote to memory of 464	1920	Process not Found	118
PID 1920 wrote to memory of 3020	1920	Process not Found	1693
PID 1920 wrote to memory of 3020	1920	Process not Found	1693
PID 464 wrote to memory of 656	464	SERVERS.EXE	1296
PID 464 wrote to memory of 656	464	SERVERS.EXE	1296
PID 464 wrote to memory of 656	464	SERVERS.EXE	1296
PID 464 wrote to memory of 3968	464	SERVERS.EXE	2203
PID 464 wrote to memory of 3968	464	SERVERS.EXE	2203
PID 656 wrote to memory of 4796	656	Process not Found	2053
PID 656 wrote to memory of 4796	656	Process not Found	2053
PID 656 wrote to memory of 4796	656	Process not Found	2053
PID 656 wrote to memory of 2032	656	Process not Found	2311
PID 656 wrote to memory of 2032	656	Process not Found	2311
PID 4796 wrote to memory of 1404	4796	Process not Found	2221
PID 4796 wrote to memory of 1404	4796	Process not Found	2221
PID 4796 wrote to memory of 1404	4796	Process not Found	2221
PID 4796 wrote to memory of 116	4796	Process not Found	309
PID 4796 wrote to memory of 116	4796	Process not Found	309
PID 1404 wrote to memory of 4184	1404	Process not Found	1480
PID 1404 wrote to memory of 4184	1404	Process not Found	1480
PID 1404 wrote to memory of 4184	1404	Process not Found	1480
PID 1404 wrote to memory of 5056	1404	Process not Found	2399
PID 1404 wrote to memory of 5056	1404	Process not Found	2399
PID 3044 wrote to memory of 3908	3044	SERVERS.EXE	2395
PID 3044 wrote to memory of 3908	3044	SERVERS.EXE	2395
PID 4184 wrote to memory of 4512	4184	Process not Found	1035
PID 4184 wrote to memory of 4512	4184	Process not Found	1035
PID 4184 wrote to memory of 4512	4184	Process not Found	1035
PID 4184 wrote to memory of 3552	4184	Process not Found	2488
PID 4184 wrote to memory of 3552	4184	Process not Found	2488
PID 4512 wrote to memory of 4824	4512	SERVERS.EXE	2378
PID 4512 wrote to memory of 4824	4512	SERVERS.EXE	2378
PID 4512 wrote to memory of 4824	4512	SERVERS.EXE	2378
PID 4512 wrote to memory of 1652	4512	SERVERS.EXE	2387
PID 4512 wrote to memory of 1652	4512	SERVERS.EXE	2387
PID 4824 wrote to memory of 4008	4824	Process not Found	3066
PID 4824 wrote to memory of 4008	4824	Process not Found	3066
PID 4824 wrote to memory of 4008	4824	Process not Found	3066
PID 4824 wrote to memory of 464	4824	Process not Found	118
PID 4824 wrote to memory of 464	4824	Process not Found	118
PID 4008 wrote to memory of 3104	4008	Process not Found	1746
PID 4008 wrote to memory of 3104	4008	Process not Found	1746

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\888Rat.exe
"C:\Users\Admin\AppData\Local\Temp\888Rat.exe"
1⤵
PID:1196
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /tn "WINDOWSSYSTEMHOST" /tr "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE" /sc MINUTE /MO 1
    3⤵
    - Creates scheduled task(s)
    PID:3908
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  PID:4920

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
"C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
1⤵
- Executes dropped EXE
PID:3280

C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
"C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
    "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
    3⤵
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
      "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
      4⤵
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        5⤵
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        10⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        11⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        12⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        7⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        6⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        5⤵
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
      4⤵
      PID:3020
- - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
    3⤵
    PID:4744
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  PID:2788

C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
"C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
  "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
  2⤵
  PID:4072
- - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
    "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
    3⤵
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
      "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        8⤵
        Checks computer location settings
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        11⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        12⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        13⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        14⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        15⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        16⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        17⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        18⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        19⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        20⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        20⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        21⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        22⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        23⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        23⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        24⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        25⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        26⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        27⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        28⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        29⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        30⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        30⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        31⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        32⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        33⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        33⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        34⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        34⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        35⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        36⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        36⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        37⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        37⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        38⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        39⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        40⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        40⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        41⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        42⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        43⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        44⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        44⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        45⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        46⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        47⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        48⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        49⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        50⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        51⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        52⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        53⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        54⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        54⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        55⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        55⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        56⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        56⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        57⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        58⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        59⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        59⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        60⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        61⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        62⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        62⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        63⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        64⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        65⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        65⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        66⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        66⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        67⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        68⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        69⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        70⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        71⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        71⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        72⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        72⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        73⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        74⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        75⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        76⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        77⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        78⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        79⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        80⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        81⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        82⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        83⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        84⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        85⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        86⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        87⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        88⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        88⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        89⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        89⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        90⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        91⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        91⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        92⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        93⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        94⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        95⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        95⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        96⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        97⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        97⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        98⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        99⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        99⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        100⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        101⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        102⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        103⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        104⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        105⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        106⤵
        Executes dropped EXE
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        107⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        108⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        109⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        110⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        111⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        111⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        112⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        113⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        114⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        115⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        115⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        116⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        117⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        118⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        118⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        119⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        119⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        120⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        121⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        122⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        123⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        123⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        124⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        125⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        125⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        126⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        127⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        128⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        129⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        130⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        131⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        132⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        133⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        134⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        134⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        135⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        136⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        136⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        137⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        138⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        139⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        139⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        140⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        141⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        142⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        142⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        143⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        144⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        144⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        145⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        145⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        146⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        147⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        148⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        149⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        150⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        151⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        151⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        152⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        152⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        153⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        153⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        154⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        155⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        156⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        156⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        157⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        157⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        158⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        158⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        159⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        160⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        161⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        162⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        162⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        163⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        164⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        165⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        165⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        166⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        167⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        168⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        169⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        170⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        170⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        171⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        171⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        172⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        172⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        173⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        173⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        174⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        174⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        175⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        176⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        177⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        178⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        178⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        179⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        179⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        180⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        181⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        182⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        182⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        183⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        183⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        184⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        185⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        186⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        187⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        187⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        188⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        189⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        189⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        190⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        191⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        192⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        193⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        194⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        194⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        195⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        195⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        196⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        197⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        198⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        199⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        200⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        200⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        201⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        201⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        202⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        203⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        204⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        205⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        205⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        206⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        206⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        207⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        208⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        209⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        209⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        210⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        211⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        211⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        212⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        213⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        214⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        214⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        215⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        216⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        217⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        218⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        219⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        220⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        220⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        221⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        222⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        223⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        224⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        225⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        226⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        226⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        227⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        228⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        228⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        229⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        230⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        231⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        232⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        233⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        234⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        235⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        235⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        236⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        237⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        238⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        239⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        239⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        240⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        240⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        241⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        242⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        243⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        244⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        245⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        246⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        247⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        248⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        248⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        249⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        250⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        251⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        252⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        253⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        254⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        255⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        255⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        256⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        256⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        257⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        258⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        259⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        260⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        261⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        261⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        262⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        263⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        264⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        264⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        265⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        266⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        267⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        268⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        268⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        269⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        269⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        270⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        271⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        272⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        273⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        273⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        274⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        275⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        276⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        277⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        278⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        279⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        279⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        280⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        281⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        282⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        283⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        284⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        285⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        286⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        286⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        287⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        287⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        288⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        289⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        289⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        290⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        290⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        291⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        291⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        292⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        293⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        293⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        294⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        295⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        296⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        296⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        297⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        298⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        299⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        300⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        301⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        302⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        303⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        304⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        304⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        305⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        306⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        307⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        307⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        308⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        309⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        310⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        311⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        311⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        312⤵
        Checks computer location settings
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        312⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        313⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        314⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        315⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        316⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        317⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        318⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        319⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        320⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        320⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        321⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        322⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        323⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        324⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        325⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        325⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        326⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        326⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        327⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        328⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        328⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        329⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        330⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        330⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        331⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        331⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        332⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        333⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        334⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        334⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        335⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        336⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        337⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        337⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        338⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        339⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        340⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        340⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        341⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        342⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        342⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        343⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        344⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        344⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        345⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        346⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        347⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        347⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        348⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        349⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        350⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        350⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        351⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        351⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        352⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        353⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        354⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        354⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        355⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        355⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        356⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        357⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        358⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        359⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        360⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        361⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        362⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        362⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        363⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        364⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        364⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        365⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        365⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        366⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        367⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        368⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        369⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        370⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        370⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        371⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        372⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        372⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        373⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        374⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        374⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        375⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        375⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        376⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        377⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        378⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        379⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        380⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        381⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        382⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        383⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        384⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        385⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        386⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        387⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        388⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        389⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        389⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        390⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        391⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        392⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        392⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        393⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        394⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        395⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        396⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        397⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        398⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        398⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        399⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        400⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        401⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        402⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        403⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        404⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        405⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        405⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        406⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        407⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        408⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        409⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        410⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        411⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        412⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        413⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        414⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        414⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        415⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        416⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        417⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        418⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        419⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        420⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        421⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        421⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        422⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        423⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        423⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        424⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        424⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        425⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        426⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        426⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        427⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        428⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        429⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        430⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        431⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        432⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        433⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        434⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        435⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        435⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        436⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        436⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        437⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        438⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        439⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        440⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        441⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        442⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        443⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        444⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        445⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        446⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        447⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        448⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        448⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        449⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        449⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        450⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        451⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        452⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        453⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        454⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        454⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        455⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        456⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        456⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        457⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        457⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        458⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        459⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        460⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        460⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        461⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        462⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        462⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        463⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        464⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        465⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        465⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        466⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        467⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        468⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        469⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        470⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        471⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        471⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        472⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        473⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        474⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        474⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        475⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        475⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        476⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        477⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        478⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        479⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        480⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        481⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        482⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        482⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        483⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        484⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        485⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        486⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        487⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        488⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        489⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        490⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        490⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        491⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        491⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        492⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        492⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        493⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        493⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        494⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        494⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        495⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        496⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        496⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\888RAT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\888RAT.EXE"
        497⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        497⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        495⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        489⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        488⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        487⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        486⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        485⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        484⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        483⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        481⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        480⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        479⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        478⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        477⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        476⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        473⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        472⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        470⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        469⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        468⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        467⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        466⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        464⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        463⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        461⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        459⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        458⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        455⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        453⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        452⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        451⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        450⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        447⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        446⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        445⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        444⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        443⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        442⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        441⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        440⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        439⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        438⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        437⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        434⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        433⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        432⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        431⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        430⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        429⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        428⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        427⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        425⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        422⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        420⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        419⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        418⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        417⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        416⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        415⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        413⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        412⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        411⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        410⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        409⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        408⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        407⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        406⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        404⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        403⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        402⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        401⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        400⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        399⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        397⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        396⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        395⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        394⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        393⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        391⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        390⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        388⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        387⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        386⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        385⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        384⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        383⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        382⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        381⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        380⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        379⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        378⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        377⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        376⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        373⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        371⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        369⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        368⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        367⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        366⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        363⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        361⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        360⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        359⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        358⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        357⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        356⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        353⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        352⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        349⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        348⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        346⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        345⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        343⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        341⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        339⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        338⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        336⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        335⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        333⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        332⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        329⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        327⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        324⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        323⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        322⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        321⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        319⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        318⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        317⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        316⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        315⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        314⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        313⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        310⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        309⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        308⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        306⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        305⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        303⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        302⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        301⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        300⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        299⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        298⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        297⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        295⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        294⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        292⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        288⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        285⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        284⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        283⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        282⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        281⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        280⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        278⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        277⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        276⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        275⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        274⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        272⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        271⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        270⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        267⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        266⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        265⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        263⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        262⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        260⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        259⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        258⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        257⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        254⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        253⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        252⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        251⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        250⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        249⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        247⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        246⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        245⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        244⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        243⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        242⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        241⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        238⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        237⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        236⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        234⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        233⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        232⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        231⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        230⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        229⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        227⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        225⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        224⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        223⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        222⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        221⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        219⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        218⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        217⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        216⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        215⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        213⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        212⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        210⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        208⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        207⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        204⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        203⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        202⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        199⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        198⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        197⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        196⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        193⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        192⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        191⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        190⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        188⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        186⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        185⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        184⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        181⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        180⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        177⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        176⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        175⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        169⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        168⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        167⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        166⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        164⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        163⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        161⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        160⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        159⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        155⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        154⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        150⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        149⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        148⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        147⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        146⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        143⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        141⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        140⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        138⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        137⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        135⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        133⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        132⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        131⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        130⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        129⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        128⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        127⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        126⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        124⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        122⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        121⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        120⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        117⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        116⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        114⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        113⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        112⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        110⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        109⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        108⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        107⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        106⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        105⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        104⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        103⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        102⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        101⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        100⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        98⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        96⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        94⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        93⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        92⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        90⤵
        Executes dropped EXE
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        87⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        86⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        85⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        84⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        83⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        82⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        81⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        80⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        79⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        78⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        77⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        76⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        75⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        74⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        73⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        70⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        69⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        68⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        67⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        64⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        63⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        61⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        60⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        58⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        57⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        53⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        52⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        51⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        50⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        49⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        48⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        47⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        46⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        45⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        43⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        42⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        41⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        39⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        38⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        35⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        32⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        31⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        29⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        28⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        27⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        26⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        25⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        24⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        22⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        21⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        19⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        18⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        17⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        16⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        15⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        14⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        13⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        12⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        10⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        7⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        6⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
        5⤵
        
        PID:1196
- - C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
    3⤵
    PID:4328
- C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
  "C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
  2⤵
  PID:3816

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
"C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE"
1⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
1⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE
1⤵
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SERVERS.EXE.log

Filesize
1KB

MD5
2362dcc9d262d0969898b143fb7fc91a

SHA1
2240860a675c86425f5702b501eac121bfb744eb

SHA256
4f7cff601d97caf1e0040bc2d63ccadd27294b2e551ff4167e0b080c69a915b0

SHA512
59cb7e53dc9cc02f25216cc87115403ed67fb5d24947ef2e803cd54e9f118d5d65a71817b05642c238ca48eb7bfd228d008d92e42023f2c15755c64c88f5b0d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SERVERS.EXE

Filesize
342KB

MD5
1f48c93f9d616ecee5bf74753831b9a2

SHA1
54fdaa4c5e40db13b6983fa7abdd37a8b5451a74

SHA256
f5e7fa13587f98346f53fd730f621811dcd5685bdd401a6115f49a4dbfadf89e

SHA512
fc0602d96beab064c23b6e5a9b9ac0bfbdc35e27b661f2cdd2552b0e71bdb7b680a48cdc1f60ac439b1fefddd10c08cb9e7a4b9b02068e5c66ccc4ec7a73cdf4

Download Submit
memory/116-42-0x000000001BBD0000-0x000000001BBE0000-memory.dmp

Filesize
64KB

Download
memory/116-59-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/116-40-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/464-75-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/464-60-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/464-61-0x000000001B200000-0x000000001B210000-memory.dmp

Filesize
64KB

Download
memory/1196-83-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/1196-84-0x0000000002D90000-0x0000000002DA0000-memory.dmp

Filesize
64KB

Download
memory/1652-57-0x000000001B3D0000-0x000000001B3E0000-memory.dmp

Filesize
64KB

Download
memory/1652-56-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/1652-71-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/1816-80-0x000000001B920000-0x000000001B930000-memory.dmp

Filesize
64KB

Download
memory/1816-95-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/1816-79-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/2032-33-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/2032-55-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/2676-81-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/2676-65-0x00000000024D0000-0x00000000024E0000-memory.dmp

Filesize
64KB

Download
memory/2676-64-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/2788-18-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/2788-39-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/2788-19-0x0000000002A20000-0x0000000002A30000-memory.dmp

Filesize
64KB

Download
memory/3020-24-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3020-46-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3020-26-0x000000001B080000-0x000000001B090000-memory.dmp

Filesize
64KB

Download
memory/3044-16-0x000000001B9B0000-0x000000001B9C0000-memory.dmp

Filesize
64KB

Download
memory/3044-14-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3044-35-0x000000001B9E0000-0x000000001B9F2000-memory.dmp

Filesize
72KB

Download
memory/3044-32-0x000000001B9B0000-0x000000001B9C0000-memory.dmp

Filesize
64KB

Download
memory/3044-44-0x000000001D120000-0x000000001D15C000-memory.dmp

Filesize
240KB

Download
memory/3044-11-0x0000000000E70000-0x0000000000E78000-memory.dmp

Filesize
32KB

Download
memory/3044-25-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3044-12-0x0000000002ED0000-0x0000000002F6E000-memory.dmp

Filesize
632KB

Download
memory/3280-15-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3280-28-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3280-34-0x000000001B300000-0x000000001B310000-memory.dmp

Filesize
64KB

Download
memory/3280-41-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3492-96-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3492-97-0x0000000002870000-0x0000000002880000-memory.dmp

Filesize
64KB

Download
memory/3552-66-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3552-52-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3552-53-0x000000001BA50000-0x000000001BA60000-memory.dmp

Filesize
64KB

Download
memory/3816-88-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3816-72-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3816-73-0x000000001AE90000-0x000000001AEA0000-memory.dmp

Filesize
64KB

Download
memory/3872-69-0x000000001B620000-0x000000001B630000-memory.dmp

Filesize
64KB

Download
memory/3872-68-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3872-85-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3968-29-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3968-51-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/3968-30-0x000000001B830000-0x000000001B840000-memory.dmp

Filesize
64KB

Download
memory/4084-89-0x000000001BA90000-0x000000001BAA0000-memory.dmp

Filesize
64KB

Download
memory/4084-87-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/4240-92-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/4240-93-0x000000001AF90000-0x000000001AFA0000-memory.dmp

Filesize
64KB

Download
memory/4300-2260-0x00007FFDFF310000-0x00007FFDFF665000-memory.dmp

Filesize
3.3MB

Download
memory/4328-91-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/4328-76-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/4328-77-0x000000001AE40000-0x000000001AE50000-memory.dmp

Filesize
64KB

Download
memory/4744-22-0x000000001B180000-0x000000001B190000-memory.dmp

Filesize
64KB

Download
memory/4744-21-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/4744-43-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/5056-49-0x000000001B480000-0x000000001B490000-memory.dmp

Filesize
64KB

Download
memory/5056-63-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download
memory/5056-47-0x00007FFDE1240000-0x00007FFDE1D01000-memory.dmp

Filesize
10.8MB

Download